The purpose of this presentation is to provide information on the business need for the Pay Rules Data Solution and how TBS would leverage different technologies to meet the need, and to seek GC EARB endorsement.

OCHRO is seeking to create a centralized repository of pay rules and supporting documentation that will be an accurate and authoritative source for use by all interested parties within the Government of Canada (GOC).

* Access to pay rules data is fragmented across government.
* The planning, research and analysis process for collective bargaining is complex and labour-intensive.

A complete and accurate repository of pay rules that facilitates research and analysis and is accessible to OCHRO and all of GOC.

* The number of pay rules is currently unknown; they are difficult to find and are written inconsistently.
* Pay rules research requires manually reviewing many different documents.
* Difficult to determine the impact of changes to pay rules in collective agreements and other sources.

Create a single authoritative source of pay rules accessible to stakeholders.

The application will support:

* Searching and indexing
* Analyzing
* Standardizing
IMTD performed a very thorough business need assessment and performed a solution option analysis that is considered in alignment to GOC digital standards. Based on analysis, the recommendation is to leverage an open source custom solution with intelligent search and machine learning.

* Rated the best option; optimally balancing cost, business value, and achievability.
* Supports enterprise-wide desire to move from basic key-word search to intelligent search.
* Machine learning replaces the most labour-intensive part of the pay rule identification process.

Pros:

* Leverage Microsoft text analytics technology
* Opportunity to use Platform as a Service (PaaS) for search capability
* Automate the data intake process

Cons:

* Additional investment required by leveraging new technology. Once implemented it would generate savings moving forward when adding new pay rules source documents.

* Pay Rules has gone through the Resourcing Committee review and TBS Architecture review board assessment and has received endorsement.
* People Management Systems and Processes (PMSP) within the Office of the Chief Human Resources Officer (OCHRO) is championing the Pay Rules project.
* TBS Information Management and Technology Directorate (IMTD) Technical team is championing the Project implementation.
[Diagram. Recovered labels: (Basic user); Rules; (Advance User); (Single sign-on); PMSP; Admin; Upload New Doc (Advance User)]
1. Risk to quality as Machine Learning requires validated pay rule data to train the model

PCRA: Project Complexity and Risk Assessment
OPMCA: Organizational Project Management Capacity Assessment
OCHRO is seeking endorsement for the creation of a centralized repository of pay rules and supporting documentation that will be an accurate and authoritative source for use by all interested parties within the GC.

Business
* Multi-disciplinary team: Web developer, Data Scientist, BA, UX expert, and QA
* Application is being developed in both official languages and undergoing accessibility testing

Information
* Replacing a process that is currently using Excel spreadsheets stored in TBS GC Docs, and making the data more discoverable within TBS and available across the GC.
* Over time, this system should help to standardize language across collective agreements and other related documents.
* Data is stored in Azure Cognitive Search indexes and Azure Table Storage and is accessible via APIs that could in the longer term be opened up for interoperability if required.

Application

Technology

Security & Privacy
* PIA and SOS complete, unclassified data with no risks.

EA recommends EARB Endorsement of proposed architecture: TBC

Architectural Alignment: Fully / Partially
GC Digital Standards
* Required for GC EA Assessment
* NOT to be part of Presentation

GC Architectural Standards
* Required for GC EA Assessment
* NOT to be part of Presentation

Additional Project Details
* Required for GC EA Assessment
* NOT to be part of Presentation

Algorithmic Impact Assessment
* Complete as required
* NOT to be part of Presentation

Exemption Request Form
* Complete as required.
Design with users

* Research with users to understand their needs and the 
problems we want to solve. 

* Conduct ongoing testing with users to guide design 
and development. 


Iterate and improve frequently 

* Develop services using agile, iterative and user-centred
methods.

* Continuously improve in response to user needs. 

* Try new things, start small and scale up. 


Work in the open by default 

* Share evidence, research and decision making openly. 

* Make all non-sensitive data, information, and new 
code developed in delivery of services open to the 
outside world for sharing and reuse under an open 
license. 


Use open standards and solutions 

* Leverage open standards and embrace leading 
practices, including the use of open source software 
where appropriate. 

* Design for services and platforms that are seamless for 
Canadians to use no matter what device or channel 
they are using. 


Address security and privacy risks 

* Take a balanced approach to managing risk by 
implementing appropriate privacy and security 
measures. 

* Make security measures frictionless so that they do 
not place a burden on users. 


Not 
Build in accessibility from the start

* Services should meet or exceed accessibility 
standards. 

* Users with distinct needs should be engaged from 
the outset to ensure what is delivered will work for 
everyone. 


Empower staff to deliver better services 

* Make sure that staff have access to the tools, 
training and technologies they need. 

* Empower the team to make decisions throughout 
the design, build and operation of the service. 


Be good data stewards 

* Collect data from users only once and reuse 
wherever possible. 

* Ensure that data is collected and held in a secure 
way so that it can easily be reused by others to 
provide services. 


Design ethical services 

* Make sure that everyone receives fair treatment. 

* Comply with ethical guidelines in the design and use 
of systems which automate decision making (such 
as the use of artificial intelligence). 


Collaborate widely 

* Create multidisciplinary teams with the range of 
skills needed to deliver a common goal. 

* Share and collaborate in the open. Identify and 
create partnerships which help deliver value to 
users. 
1 - Align to the GC Business Capability model

* Define program services as business capabilities to establish a common vocabulary between business, development, and operation
* Identify capabilities that are common to the GC enterprise and can be shared and reused
* Model business processes using Business Process Modelling Notation (BPMN) to identify common enterprise processes
* Focus on the needs of users, using agile, iterative, and user-centred methods
* Conform to both accessibility and official languages requirements
* Include all skillsets required for delivery, including for requirements, design, development, and operations
* Work across the entire application lifecycle, from development and testing to deployment and operations
* Ensure quality is considered throughout the Software Development Lifecycle
* Ensure accountability for privacy is clear
* Encourage and adopt Test Driven Development (TDD) to improve the trust between Business and IT
HOW will this be achieved?


Application is being developed in both official languages and going 
through rigorous accessibility testing 


Multi-disciplinary team involved with resources such as Web 
developer, Data Scientist, BA, UX expert and QA 


Project team ensuring all sprints are following application lifecycle 
and integration of key phase 


QA team engaged from beginning of the project to ensure all use 
cases are considered for validation phase. 


The application doesn't include any personal information, a 
Statement of Sensitivity was completed as well as a Privacy Impact 
Assessment. 
3 - Design Systems to be Measurable and Accountable

* Publish performance expectations for each IT service
* Make an audit trail available for all transactions to ensure accountability and non-repudiation
* Apply oversight and lifecycle management to digital investments through governance

HOW will this be achieved?

The project has gone through multiple layers of governance, which include:

* TBS Resource Committee; approval received for Gate 1 and 3
* CIO Steering Committee meeting on a monthly basis with CIO and Assistant Deputy Minister
* CIO Monthly project meeting
* Department Architecture Review Board
* Department Application Architecture Working group
* Department Data Architecture Working Group
4 - Data Collection

* Ensure data is collected in a manner that maximizes use and availability of data
  HOW: Data is not collected in this project; it is extracted from different data sources such as collective agreements and legislated documents.
* Ensure data collected aligns to existing enterprise and international standards
  HOW: Not applicable
* Where enterprise or international standards don't exist, develop Standards in the open with key subject matter experts
  HOW: Not applicable
* Ensure data is collected through ethical practices supporting appropriate citizen and business-centric use
  HOW: Not applicable
* Where necessary, ensure collaboration with department/agency data stewards/custodians, other levels of government, & Indigenous people
  HOW: Not applicable

5 - Data Management

* Demonstrate alignment with enterprise and departmental data governance and strategies
  HOW: Data is not being collected in this application. Data that is being extracted is following TBS Data Architecture working group standards.
  HOW: Data is being automatically extracted from a variety of documents and then manually validated by SMEs to ensure quality before being made accessible to users across the GOC.
  HOW: This is replacing a process that is currently using Excel spreadsheets stored in TBS GC Docs, and making the data more discoverable within TBS and available across the GOC.
  HOW: Over time, this system should help to standardize language across collective agreements and other related documents.
* Ensure accountability for data roles and responsibilities
  HOW: There are three roles in the system: GOC Users, Admin, and SMEs. GOC users have read access to all validated data by being logged into the GC Intranet. A small number of users in OCHRO will have access to upload files and/or validate data, authenticated via TBS Single Sign-On. The system will log information about who validated a rule and who
* Design to maximize data use and availability
  HOW: The validated data will be available to everyone with access to GC Intranet.
6 - Data Storage

* Ensure data is stored in a secure manner in accordance with the National Cyber Security Strategy, and the Privacy Act
* Follow existing retention and disposition schedules
* Ensure data is stored in a way to facilitate easy data discoverability, accessibility and interoperability

HOW will this be achieved?

* Data is unclassified and not sensitive and will be stored in compliance with TBS policies.
* Authentication is via Single Sign On and no personal information is stored in the application.
* Team working closely with information management to make sure retention and disposition schedule are respected for pay rules data.
* We are not storing the original documents for retention reasons. Client is currently determining appropriate retention and disposition schedules for the extracted data.
* This tool provides a flexible search capability for pay rules extracted from a variety of documents in order to facilitate discoverability and accessibility of pay rule information.
* Data is stored in Azure Cognitive Search indexes and Azure Table Storage and is accessible via APIs that could in the longer term be opened up for interoperability if required.

7 - Data Sharing

* Data should be shared openly by default as per the Directive on Open Government
* Ensure government-held data can be combined with data from other sources enabling interoperability and interpretability for internal and external use
* Reduce the collection of redundant data
* Reuse existing data where possible
* Encourage data sharing and collaboration


HOW will this be achieved? 


Most of the source data documents are open to the public on Canada.ca or other 
organizational websites (OCHRO had to request documents via email from many 
smaller organizations). The application is intended for GOC Users. 


Our dataset combines data from several sources. 
Data is accessed via APIs that could in the longer term be opened up for 
interoperability if required, and if so could be combined with other sources. 


We are primarily extracting data from existing sources with some mark up during 
the validation process, and using machine learning to reduce the mark up burden. 


We are primarily reusing existing data. 


This project facilitates data sharing and collaboration across the GOC by making 
data on individual pay rules available that currently exists only in TBS GCDocs and a 
variety of unstructured documents. 
8 - Use open standards and solutions by default

* Where possible, use open standards and open source software first.
* If an open source option is not available or does not meet user needs, favour platform-agnostic COTS over proprietary COTS, avoiding technology dependency, allowing for substitutability and interoperability
* If a custom-built application is the appropriate option, by default any source code written by the government must be released in an open format via Government of Canada websites and services designated by the Treasury Board of Canada Secretariat
* software license
* Expose public data to implement Open Data and Open Information initiatives

HOW will this be achieved?

* Team leveraging open source application TIKA for text extraction and Python for Machine Learning.
* Not applicable
* Most of the data being used in the application is already open to the public.

9 - Maximize Reuse

* Leverage and reuse existing solutions, components, and processes
* Select enterprise and cluster solutions over department-specific solutions
* Achieve simplification by minimizing duplication of components and adhering to relevant standards
* Inform the GC EARB about departmental investments and innovations
* Share code publicly when appropriate, and when not, share within the Government of Canada

HOW will this be achieved?

* Leverage the reuse of existing solutions and components:
    - SSO
    - CDTS Core Project for GOC Web template
    - SOLR Search
* This application is being developed for the GC
* Using CDTS Core Project for GoC Web Template
* In progress
* Cloud based technology available to other GC organizations


Document released under the Access to Information Act / 
Document divulgué en vertu de la Loi sur l'accès à l'information 


UNCLASSIFIED / NON CLASSIFIÉ 


10 - Enable Interoperability

* Expose all functionality as services
* Use micro services built around business capabilities. Scope each service to a single purpose
* Run each IT service in its own process and have it communicate with other IT services through a well-defined interface, such as an HTTPS-based application programming interface (API) as per Appendix D:
* Run applications in containers
* Leverage the GC Digital Exchange Platform for components such as the API Store, Messaging, and the GC Service Bus

HOW will this be achieved?

* TBS exposes functionality as a service.
* Not applicable
11 - Use Cloud first*

* Enforce this order of preference: Software as a Service (SaaS) first, then Platform as a Service (PaaS), and lastly Infrastructure as a Service (IaaS)
  HOW: The application uses Azure Cognitive Search, Azure Functions, Azure Storage and Web Apps which are a Software as a Service.
* Enforce this order of preference: Public cloud first, then Hybrid cloud, then Private cloud, and lastly non-cloud (on-premises) solutions
  HOW: The solution is on SSC brokered Azure cloud.
* Design for cloud mobility and develop an exit strategy to avoid vendor lock-in
  HOW: Not applicable
* Design for resiliency
  HOW: Application built for multiple browsers, in addition to Azure cloud and Azure DevOps CI/CD.
* Ensure response times meet user needs for availability
  HOW: Application is on Azure and can be adjusted during peak times.
* Support zero-downtime deployments for planned and unplanned maintenance
  HOW: Azure DevOps has decreased our downtime.
* Use distributed architectures, assume failure will happen, handle
  HOW: TBS has App Insight monitors and alerts when issues occur.


* NOTE: As per CIO of Canada: All OpenText and SAP renewals will now be done through the new Cloud First policy, which states Software As A Service (SaaS). 
13 - Design for Security and Privacy

* Implement security across all architectural layers
* Categorize data properly to determine appropriate safeguards
* Perform a privacy impact assessment (PIA) and mitigate all privacy risks when personal information is involved
* Balance user and business needs with proportionate security measures and adequate privacy protections.

HOW will this be achieved?

* TBS policies and standards followed for security and segregation of architecture layers.
* PIA and SOS were completed, unclassified data with no risks.
Request Summary Information

TBS Project/Activity ID (from IT PLAN): P1819-250
Concept Case (ENDORSED?): YES X  DATE: June 30, 2020  NO [ ]  REASON:
Timeline: Planned Start Date: 12-2019; Planned End Date: 03-2021
Cost summary: One Time project cost (TB Sub): $512,000; On-going (annual) costs: $200,000
Funding Source: A-Base [ ]  B-Base X  Other: Please specify
Current Gate*: Gate 3
On schedule? YES X  NO [ ]  If not... why not?

Do you have a Departmental Architecture Review Board (ARB)? YES X  NO [ ]

Who is the Chief Architect?
Name: Sevac Eskibashian
Email / Phone #: Sevac.Eskibashian@tbs-sct.gc.ca

Has the Departmental EA and Architecture Review Board sanctioned the preferred Solution Architecture option? YES X  NO [ ]

NOTE: Please provide a copy of your ARB Minutes & Record of Decision

* TBS Gates:
https://www.canada.ca/en/treasury-board-secretariat/services/information-technology-project-management/project-management/guide-project-gating-it-enabled-projects.html
What is the scope of work required by Shared Services Canada? N/A

When/How has SSC been involved in this project?

What SSC Services are to be impacted or consumed? Include due dates for SSC deliverables.
http://service.ssc-spc.gc.ca/en/services

What are the dependencies and assumptions? (ex: authentication, cloud connectivity. If legacy Data Centre, which one and whether capacity has been confirmed.)

Governance Committees. Please include Presentation title, committee and date of presentation (or rationale for not going through governance):
* Presentation title: Committee DD/MM/YY
* Presentation title: Committee DD/MM/YY

SSC BR number (if available): BR Number
SSC Client Executive contact: Name/Title
SSC project contact: Name/Title
SSC architecture contact: Name/Title (if available)

For help in completing this slide, feel free to contact your Client Executive:
http://service.ssc-spc.gc.ca/en/contact/partclisupport/client-execs
* Tell us what this exemption request is for (e.g., target reference architecture, standard, etc.).

* Describe the target reference architecture or standard for which an exemption / exception request is being sought, and why the exemption is required. Explain why this guidance is not applicable to your department.

* Please explain how your Project/Solution or Effort proposal is used to uniquely support your Departmental Mandate.

* Describe the risk and why the GC EARB should support the exemption request.

Note: You may insert more pages if required. Please remove these guidance words once you complete this page.
s.16(2)(c)
Treasury Board of Canada Secretariat

Presenters:
* Fred Begley - Acting Assistant Deputy Minister (ADM), Project Management Support Plan (PSGP), Fred.Begley@tbs-sct.gc.ca, 613-868-4970
* Francois Brunet, Senior Director, Information Management and Technology Directorate (GIT), Francois.Brunet@tbs-sct.g

GCdocs No. 31758070

Last updated: June 7, 2019
The purpose of this presentation is to provide information on the business need for the Pay Rules Data Solution and how the Treasury Board of Canada Secretariat (TBS) would leverage different technologies to meet the need.
The Office of the Chief Human Resources Officer (OCHRO) is seeking to create a centralized repository of pay rules and supporting documentation that will be an accurate and authoritative source for all interested parties within the Government of Canada (GC).

* Pay rules are numerous, complex and not standardized across collective agreements and other documents.
* Access to pay rules data is fragmented across government.
* The planning, research and analysis process for collective bargaining is complex and labour-intensive.

A complete and accurate repository of pay rules that facilitates research and analysis and is accessible to OCHRO and all of the GC.
[...] pay rules are as follows:

* The number of pay rules is currently unknown; the rules are difficult to find and are written inconsistently.
* Pay rules research requires manually reviewing many different documents.
* Difficult to determine the impact of changes to pay rules in collective agreements and other sources.

Create a single authoritative source of pay rules accessible to stakeholders.

The application will support the following:

* Search and indexing
* Reporting



IMTD assessed the business needs very thoroughly and presented a solution options analysis that was found to be consistent with GC digital standards. Based on the analysis, the recommendation is to leverage a custom open source solution offering intelligent search and machine learning capabilities.

* Rated the best option; optimally balancing cost, business value and achievability.
* Supports the enterprise-wide desire to move from basic keyword search to intelligent search.
* The most labour-intensive part of the pay rule identification process is replaced by machine learning.

Pros:

* Leverage Microsoft text analytics technology
* Opportunity to use Platform as a Service (PaaS) for search capability
* Automate the data intake process

Cons:

* Additional investment required by leveraging new technologies. Once implemented, the solution would generate savings when new pay rules are added to the source documents.

* Pay Rules has been reviewed by the Resourcing Committee and assessed by the TBS Architecture Review Board, and both committees have approved it.
* People Management Systems and Processes (PMSP) within the Office of the Chief Human Resources Officer (OCHRO) is championing the Pay Rules project.
* The TBS Information Management and Technology Directorate (IMTD) technical team is championing the project implementation.




[Diagram. Recovered labels: PubliServices and icon on the TBS Applications Portal (PAS) - No authentication; GC user (Basic user); Validated pay rules; Subject matter experts (SMEs) (Advanced user); TBS intranet applications (single sign-on); Upload a new document]
Source Technology
PCRA score: N/A | the organization: N/A

1. Risk to quality, as machine learning requires validated pay rule data to train the model

PCRA: Project Complexity and Risk Assessment
OPMCA: Organizational Project Management Capacity Assessment


s.16(2)(c)
s.21(1)(a)
s.21(1)(b)


OCHRO is seeking endorsement for the creation of a centralized repository of pay rules and supporting documentation that will be an accurate and authoritative source for all interested parties within the GC.

Business
* Multi-disciplinary team: Web developer, data scientist, BA, UX expert and QA
* The application is being developed in both official languages and is undergoing accessibility testing.

Information
* Replacing a process that currently uses Excel spreadsheets stored in TBS GC Docs, making the data easier to find within TBS and more available across the GC.
* Over time, this system should help to standardize the wording of collective agreements and other related documents.
* Data is stored in Azure Cognitive Search indexes and Azure Table Storage and is accessible via application programming interfaces that could, in the longer term, be opened up for interoperability if required.

Application

Technology

Security and Privacy
* PIA and SOS complete, unclassified data with no risk.

EA recommends that the EARB endorse the proposed architecture: TBC

Architectural alignment:
GC Digital Standards
* Required for GC EA assessment
* NOT included in the presentation

GC Architectural Standards
* Required for GC EA assessment
* NOT included in the presentation

Additional Project Details
* Required for GC EA assessment
* NOT included in the presentation

Algorithmic Impact Assessment
* Complete as required
* NOT included in the presentation

Exemption Request Form
Architectural alignment: Partial

Design with users

* Research with users to understand their needs and the problems we want to solve.
* Conduct ongoing testing with users to guide design and development.

Iterate and improve frequently

* Develop services using agile, iterative and user-centred methods.
* Continuously improve in response to user needs.
* Try new things, start small and scale up.

Work in the open by default

* Share evidence, research and decision making openly.
* Make all non-sensitive data, information, and new code developed in delivery of services open to the outside world for sharing and reuse under an open license.

Use open standards and solutions

* Leverage open standards and embrace leading practices, including the use of open source software where appropriate.
* Design for services and platforms that are seamless for Canadians to use no matter what device or channel they are using.

Address security and privacy risks

* Take a balanced approach to managing risk by implementing appropriate privacy and security measures.
* Make security measures frictionless so that they do not place a burden on users.

None

Build in accessibility from the start

* Services should meet or exceed accessibility standards.
* Users with distinct needs should be engaged from the outset to ensure what is delivered will work for everyone.

Empower staff to deliver better services

* Make sure that staff have access to the tools, training and technologies they need.
* Empower the team to make decisions throughout the design, build and operation of the service.

Be good data stewards

* Collect data from users only once and reuse wherever possible.
* Ensure that data is collected and held in a secure way so that it can easily be reused by others to provide services.

Design ethical services

* Make sure that everyone receives fair treatment.
* Comply with ethical guidelines in the design and use of systems which automate decision making (such as the use of artificial intelligence).

Collaborate widely

* Create multidisciplinary teams with the range of skills needed to deliver a common goal.
* Share and collaborate in the open. Identify and create partnerships which help deliver value to users.
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E ANN NA K 


1 — Align to the GC Business Capability Model

* Define program services as business capabilities to establish a common vocabulary between business, development and operations.

* Identify capabilities that are common to the Government of Canada enterprise and that can be shared and reused.

* Model business processes using the Notation du modèle de prestation des services intégrés (NMPSI) to define common enterprise processes.

2 — Design for users first and deliver with multidisciplinary teams


Document released under the Access to Information Act /
HOW will we proceed?

agile, iterative and user-centred.

* Comply with accessibility and official languages requirements.

* Include all the skill sets required for delivery, including for requirements, design, development and operations.

* Work across the entire application lifecycle, from development and testing to deployment and operations.

* Ensure that quality is considered throughout the software development lifecycle.

* Ensure that accountability for privacy is clear.

* Encourage and adopt test-driven development to build trust between the business and IT.

Agile approach followed by the project team: working in close collaboration with the client to ensure improvement and

The application is being developed in both official languages and is going through rigorous accessibility testing

Multidisciplinary team involved, with resources such as a web developer, data scientist, business analyst, user experience expert and quality tester

The project team ensures that all footprints follow the application lifecycle and the integration of the key phase

The quality assurance team was engaged from the start of the project to ensure that all use cases are taken into consideration for the validation phase.

The application contains no personal information; a statement of sensitivity has been completed, as well as a privacy impact assessment.

3 — Design systems to be measurable and accountable


* Publish performance expectations for each IT service.

* Make an audit trail available for all transactions to ensure accountability and non-repudiation.

* Establish business and IT metrics to enable business outcomes.

* Apply oversight and lifecycle management to digital investments through governance.

HOW will we proceed?

* The project has gone through several levels of governance, including the following:

  - TBS Resources Committee, approval received for gates 1 and 3.
  - Monthly meeting of the Chief Information Officer (CIO) Steering Committee with the CIO and the Assistant Deputy Minister
  - Monthly CIO meeting on the project
  - Departmental Architecture Review Board
  - Departmental Application Architecture Working Group
  - Departmental Data Architecture Working Group

4 — Data collection: HOW will we proceed?
* Ensure data is collected in a manner that maximizes its use and availability.
  HOW: Data is not collected as part of this project; it is extracted from various data sources such as collective agreements and legislative documents.

* Ensure that data collected aligns with existing enterprise and international standards.
  HOW: Not applicable

* Where enterprise or international standards do not exist, develop open standards in collaboration with specialists.
  HOW: Not applicable

* Ensure that data collection yields high-quality data in accordance with data quality guidelines.
  HOW: Not applicable

* Ensure that data is collected through ethical practices supporting citizens and commercial use.

* Data should only be acquired once and should comply with international standards.
  HOW: Not applicable

* Where necessary, ensure collaboration with department and agency data stewards, other levels of government and Indigenous peoples.
  HOW: Not applicable
5 — Data management: HOW will we proceed?

* Demonstrate alignment with enterprise and departmental data governance and strategies.
  HOW: Data is not collected in this application. The data that is extracted follows the standards of the TBS Data Architecture Working Group.

  Data is automatically extracted from a variety of documents, then manually validated by subject matter experts (SMEs) to ensure quality before being made available to users across the Government of Canada.

  This replaces a process that currently uses Excel spreadsheets stored in TBS GCdocs, and makes the data more discoverable within TBS and available across the GC.

  Over time, this system should help standardize language across collective agreements and other related documents.

* Ensure accountability for data roles and responsibilities.
  HOW: There are three roles in the system: GC users, the administrator and SMEs. GC users have access to all validated data by being connected to the GC intranet. A small number of users from the Office of the Chief Human Resources Officer (OCHRO) will have access to file upload and/or data validation, authenticated through TBS single sign-on. The system will log information about who validated a rule and who uploaded the document.

* Design to maximize data use and availability.
  HOW: Validated data will be available to everyone with access to the GC intranet.

6 — Data storage
* Ensure data is stored in a secure manner, in accordance with the National Cyber Security Strategy and the Privacy Act.

* Apply the retention and disposition schedules that are in place.

* Ensure data is stored in a way that facilitates its discoverability, accessibility and interoperability.

Data sharing

* Data should be shared openly by default, in accordance with the Directive on Open Government.

* Ensure that government-held data can be combined with data from other sources to enable interpretability and interoperability for internal and external use.

* Reduce the collection of redundant data.

* Reuse existing data where possible.

* Encourage data sharing and collaboration.

HOW will we proceed?

The data is unclassified and not sensitive, and will be stored in accordance with TBS policies.

Authentication is through single sign-on and no personal information is stored in the application.

The team is working closely with information management to ensure that the retention and disposition schedule is respected for pay rules data.

We do not store the original documents for retention reasons. The client is currently determining the appropriate retention and disposition schedules for

This tool provides a flexible search capability over pay rules extracted from a variety of documents, to make pay rules information easier to discover and access.

The data is stored in Azure Cognitive Search indexes and Azure Table Storage, and is accessible through application programming interfaces (APIs) that could, in the longer term, be opened up for interoperability if necessary.

HOW will we proceed?

Most of the source data documents are publicly available on Canada.ca or on other organizational websites (OCHRO had to request documents by email from many small organizations). The application is intended for GC users.

Our dataset combines data from several sources.
The data is accessible through APIs that could, in the longer term, be opened up for interoperability as needed and, where appropriate, be combined with other sources.

We primarily extract data from existing sources, with a certain degree of markup during the validation process, and we use machine learning to reduce the markup burden.

We primarily reuse existing data.

This project facilitates data sharing and collaboration across the Government of Canada by making available data on individual pay rules that currently exists only in TBS GCdocs and a variety of unstructured documents.

8 — Use open standards and solutions by default


* Where possible, prioritize the use of open standards and open source software.

* If an open source option is not available or does not meet user needs, favour platform-agnostic commercial off-the-shelf (COTS) software over proprietary COTS, so as to avoid technology dependency and allow for substitutability and interoperability.

* If a custom-built application is the appropriate option, note that source code written by the government must, by default, be released in an open format via Government of Canada websites and services designated by the Treasury Board of Canada Secretariat.

* All open source code must be released under an open source software licence.

* Release public data to implement various open data and open information initiatives.

HOW will this be achieved?

Team leveraging the open source application TIKA for text extraction and Python for machine learning

Not applicable

9 — Maximize reuse

* Leverage and reuse existing solutions, components and processes.

* Select enterprise and cluster solutions over department-specific solutions.

* Achieve simplification by minimizing duplication of components and adhering to the standards that apply.

* Inform the GC EARB about departmental investments and innovations.

* Share code publicly where appropriate and, where it is not, share it within the Government of Canada.

HOW will this be achieved?

Leveraging the reuse of existing solutions and components:

* Single sign-on (SSO)
* Centrally Deployed Templates Solution (CDTS) base project for the GC Web Template
* SOLR search

This application is under GC development.

Use of the CDTS base project for the GC Web Template

In progress

Cloud technology accessible to other GC organizations

10 — Enable interoperability


* Expose all functionality as services.

* Use microservices built around business capabilities. Scope each service to a single purpose.

* Run each IT service in its own process before exposing it to other IT services through a well-defined interface, such as an HTTPS application programming interface (API), in accordance with Appendix B — Procedures

various components such as the GC API Store, messaging and the GC service bus.

HOW will this be achieved?

* TBS exposes functions as a service.

* Not applicable

* Not applicable

11 — Use cloud first*


* Enforce this order of preference: Software as a Service (SaaS) first, then Platform as a Service (PaaS), and lastly Infrastructure as a Service (IaaS).

* Enforce this order of preference: public cloud first, then hybrid cloud, then private cloud, and lastly non-cloud (on-premises) solutions.

* Design for cloud mobility, and develop an exit strategy to avoid vendor lock-in.

12 — Design for performance, availability and scalability

* Design with resiliency in mind.

* Ensure response times meet users' accessibility needs.

* Support zero-downtime deployments for planned and unplanned maintenance.

* Use distributed architectures, assume failure will happen, handle errors gracefully and monitor actively.

HOW will this be achieved?

The application uses Azure Cognitive Search, Azure Function App, Azure storage and web apps, which are software as a service (SaaS).

The solution is on the Azure cloud offered by SSC.

Application designed for multiple browsers, in addition to the Azure cloud and Azure DevOps CICD.

The application is on Azure and can be scaled during peak hours.

Azure DevOps has reduced our downtime.

TBS has monitoring applications and alerts in case of problems.

* NOTE: In accordance with the Chief Information Officer (CIO) of Canada, all OpenText and SAP renewals will now be carried out under the new "cloud first" policy, which provides for software as a service (SaaS).

13 — Design for security and privacy

* Implement security measures across all architectural layers.

* Categorize data properly to determine the appropriate safeguards.

* Perform a privacy impact assessment (PIA) and mitigate the risks when personal information is involved.

* Balance user and business needs by using proportionate security measures and adequate privacy protections.

HOW will this be achieved?

* TBS policies and standards were followed for security and the separation of architecture layers.

* The privacy impact assessment (PIA) and the statement of sensitivity (SoS) were completed: unclassified data with no risk.

* The PIA was completed; no personal data was collected and no risk was identified.

* Not applicable

Summary information about the request


TBS project or activity ID (from the IT Plan): P1819-250

Concept case (APPROVED?): YES X   DATE: June 30, 2020   NO [ ]   REASON:

Schedule: Planned start date: 12-2019   Planned end date: 03-2021

Cost summary: One-time project cost (TB submission): $512,000   Ongoing (annual) costs: $200,000

Source of funds: [illegible] Budget   Other: please specify   temporary [ ]

Current gate*: Gate 3

On schedule? YES X   NO [ ]   If not, why?

Do you have a departmental Architecture Review Board (ARB)? YES X   NO [ ]

Who is the chief architect?
Name: Sevac Eskibashian
Email/phone number: Sevac.Eskibashian@tbs-sct.gc.ca

Have the departmental EA and the Architecture Review Board (ARB) approved the preferred solution architecture option? YES X   NO [ ]

NOTE: Please provide a copy of your minutes and of the ARB record of decisions

* TBS gates

What is the scope of work required from Shared Services Canada? N/A


When did SSC become engaged in this project, and how?

Which SSC services will be affected?

What are the dependencies and assumptions? (for example, authentication, connectivity with the cloud. If this is an existing data centre, which centre is it, and has capacity been confirmed?)

Presentation title / Governance committees:
Please include the presentation title, the committee and the presentation date (or the reason why you are not going through governance)
Committee DD/MM/YY
Committee DD/MM/YY

SSC business number (if available): Business number

SSC client relations contact: Name/Title

SSC project contact: Name/Title

SSC architecture contact: Name/Title (if applicable)

For help completing this slide, please contact your client relations lead:
http://service.ssc-spc.gc.ca/fr/contact/partclisupport/client-execs

> Tell us what this exemption is requesting (for example, target reference architecture, standard, etc.).

> Describe the target reference architecture or standard for which an exemption or exception is being requested, explaining why this exemption is requested. Explain why these guidelines do not apply to your department.

> Explain how your project, solution or proposal could only support the mandate of your department.

Note: You may insert additional pages as needed. Please delete this guidance when completing this page.

* Describe the risk and explain why the GC EARB should support the exemption request.

track, and process administrative investigations of consultants or other
representatives suspected of fraud or misrepresentation under the Immigration
and Refugee Protection Act and Citizenship Act.

» IRCC is required to strengthen compliance and enforcement in regards to immigration and citizenship consultants,

» The number of open investigations to detect and investigate wrongdoing has risen in recent years and represents approximately 200 per year. These investigations can link to many applications for entry or status in Canada. As a result, IRCC's investigation unit is unable to keep up with the volume to effectively detect, investigate, track, and manage cases.

In addition, regulations are being drafted to authorize IRCC to issue administrative penalties to representatives found to be non-compliant, which are anticipated to come into force as early as Spring 2021. While the number of non-compliant decisions and administrative penalties issued on a yearly basis as a result of these investigations is not yet certain, it will not exceed 40 penalties against unscrupulous consultants and other third-parties in the first year.

» Enhancements to IT tools will support compliance efforts and allow officers across IRCC to make informed decisions when assessing applications for status in Canada as well as assist in the disruption of fraud networks by transforming the current manual, labour-intensive and unsystematic processes used to manage investigations.
As the department undertakes its Transformation agenda, new capabilities such as 
those described in this project need to balance near term needs with the future. 


ng solutions within the department; 


ata integrity (applicants, immigration consultants and 3rd parties).

IRCC is seeking to de-risk its current legacy systems through a phased approach beginning with a Budget 2020 request currently under review. The content of that request includes:

> Stabilize and Standardize

To achieve stable legacy systems and disaster recovery capacity; and to build upon business process optimization and to achieve reduced "technical debt" that de-risks future system use, secure enterprise cloud connection, and key building blocks for the future system (e.g. reimagined business models and design work to guide the transition stage),

> Planning for Transform and Transition (for future asks — Post April 1st, 2023) — to deliver an enterprise-wide platform, allowing ful

g integration of new functionalities and onboard all lines of business.


However budget 2020 is still not yet approved and the Immigration Consultant project is 


a 


to meet a ministerial mandate commitment for the near term.

Consequently, the solution architecture has minimized the number of GCMS changes and integration points in order to support the business requirements while minimizing risk to the system and adding additional technical debt.

ools for the detection of fraud and follow through investigations include:
Investigation management solution with integrated analytics capability to track investigations.

Solution to manage Admin Penalties (APs), integrated with the proposed investigation manager

usé pire of fi free text t fie Ids
Additional Tie soe to PAR information on representati

The | IT ym m to manage investigations of consultants/representatives and their
clients and administration of pu ies ‘would — various fon ns of
—— tools to detect and igat
solution will provide valuable investi iasion eied cantina to various officers
across IRCC such as indicators, client lists, decisions, analytical reports and briefs,
s anm is and other relevant resources, as well as include functionality to

Enforcement partners and field officers submit tips/referrals via email to the IRCC's investigation unit.


The analyst reviews the tip to determine if there is sufficient information to proceed with an investigation.

If proceeding with an investigation, the case and evidence is tracked via Excel spreadsheets and Word documents stored in GCDOCS.

The analyst conducts open source searches (i.e. Google, social media, news articles, discussion forums, etc.) and accesses partner systems (i.e. ICES for entry/exit information) to gather supporting evidence.

The analyst also collects data from various sources including GCMS and Answers, and requests data pulls by email from Finance and Enterprise Data Warehouse. This step is repeated as new leads develop that further the investigation. Analysts also flag applications and create info alerts instructing officers to contact Case Management Branch (CMB) for more information.

With the data collected, the analyst compiles all the data and imports the data into i2 Analyst's Notebook, an investigation analysis software, to visualize linkages and pinpoint nodes and networks of fraud.


nere pt the investigation i snaree pack wi id the referri ing p to pursue criminal

Inventory of system changes:

1. Capture the IP address at various points of online interaction between the applicants or representatives with the department (i.e. online applications, payments, portal enrolments, etc.)

Ability to conduct keyword searches of free text fields:
* With some modifications to EDW schema exported for Investigations Data Analysts, unstructured textual data can be ‘mined’ using IRCC analytic tools
* There is also an opportunity to evaluate other text ‘mining’ software/tools that may better suit business needs.

Additional fields in GCMS to collect information on representatives:
* Additional data attributes can be added to eServices and GCMS applications as needed and be added to EDW extracts of GCMS data for analytical inputs.

Self-serve solution to retrieve payment information:
* Data captured through IPRMS service can be added to the EDW eService extracts, which in turn can be ‘linked’ to application and client-centric data.

5/6. Enable users to leverage the existing case management system (GCMS) for the tracking and management of investigations and administrative penalties (Currently using MS Excel).
* Leverage existing EDW integration for an analytics capability to uncover potential links unseen by surface-level analysis.

Systematically and efficiently communicate adverse information via verification activities and information alerts to field officers to improve decision-making on open applications.
tigation management system Current CRM solutions [e.g., GC Case} 
s are highly aligned with cannot provide the link analysis 
magement functionality functionality required to support 
the investigations. This would also re 
ar duplication of case managemen 
add complexity to tegra 
adverse informati 


ecision-making on open applications. 
System to manage Administrative Penalties:
* Target is to leverage existing GCMS administrative penalty functionality to improve integration. This would also allow for reusability of existing AP functionality (i.e. TFWP — IMP verification sub-tab in GCMS).
* Would require the development or provision of an AP system.
* Would require the development or provision of an AP system.

Impact to Overall Project Schedule:
* Ability to issue administrative penalties is required by Q1 FY21-22 and by leveraging existing internal solutions provides the least technical risk for capability delivery.
* (beginning illegible) thereby creating an additional risk for delivery.
* (beginning illegible) thereby creating an additional risk for delivery.

Option #1 - IRCC Proposed Architecture
Data remains tightly coupled internally and addresses the client's pain points in regard to the need to leverage multiple systems and data sources.

Resource expertise in-house to develop functionalities.

Can meet key timeframes related to regulatory changes.

All data sources are in the on premise data centre which facilitate its integration to EDW and the link analysis tool.

IRCC is currently leveraging GCMS to administer APs.

GCMS case for change is acknowledged within and outside IRCC.

Does not align with the TBS directive on cloud first.


Option #2 - Current CRM through Cloud Brokering Services

Aligns with TBS directives.

Solution already endorsed by TBS.

Limits potential Technical Debt on GCMS.

Resource expertise would need to be developed.

Integration with GCMS, EDW, IPRMS, AP system will be required.

Greater complexity of the case management landscape within the Enterprise (i.e., multiple case management systems)

Multiple tools to complete the investigation by the client as GCMS will remain a key part of their investigations both as a source of data and for inclusion of information for application decision makers.

Cloud PBMM has limited capacity at IRCC and no definitive date has been set for a full production delivery.

Development or procurement of new AP solution could put delivery in

Option #3 - Open Source Micro Services Hosted in Public Cloud


Aligns with TBS Digital 
Directives. 

Solution already endorsed by 
TBS. 

Limits potential Technical Debt 
on GCMS. 

Expertise may not be available 
internally. 

Cloud PBMM is currently not
in place at IRCC and no
definitive date has been set
for a full production delivery.

Anticipated Benefits / Outcomes

1. Increase efficacy of investigations by:
* Providing officers with integrated IT tools that will allow for systematic detection and investigation of unscrupulous consultants and third ovi

2. Increase efficiency of investigations by:
* Providing investigation stakeholders with the systems to track and manage investigation cases in a robust and secure manner ensuring data integrity remains high.

3. Increase client service by way of protecting current and future applicants by:
* Creating the ability to apply corrective measures through implementing APs and carrying out consequences under IRPA and the Citizenship Act

Immigration and Citizenship Consultants: Project Management Board (Director level) is responsible for the success and completion and benefit realization for this project.

Mike MacDonald, Associate Assistant Deputy Minister, Operations Sector
Zaina Sovani, Assistant Deputy Minister and CIO, Transformation and Digital Solutions Sector

Project PCRA Score: 2


If there are capacity issues due to competing 
priorities or infrastructure upgrades, leading to 
knowledgeable expertise or other resources not 
being available, then development of enhancements 
for systems could be delayed, which in turn would 
delay the IRCC's ability to strengthen its compliance 
and enforcement efforts. 


An unplanned procurement requirement could result 
in increased costs and have an impact on the 
deployment schedule for IRCC and Shared Services 
Canada (SSC). Any resulting delays could have an 
impact on IRCC's ability to meet its business 
outcomes. 


If there are delays in endorsement from the 
department's IT Security and/or Privacy groups, then 
development of enhancements for systems could be 
delayed. 
Organization OPMCA Level: 2 


IRCC has identified this initiative's IT changes as a top priority in the 
Department's "Must-do" prioritization. To mitigate the risk of other 
competing priorities, IRCC will build the schedule with the GCMS 
release schedule as a consideration and participate in departmental 
change management boards to ensure proper prioritization. The IT 
Project governance structure allows for business or IT issues to be 
escalated to senior management in an efficient manner for resolution. 


In order to mitigate this risk, there will be early engagement with 
Departmental IT resources, to define the business requirements. 
Where possible, IRCC will use existing contracts and leverage 
established Government of Canada and/or IRCC solutions to reduce 
this procurement risk. The Department is reaching out to SSC to 
identify IT requirements and timing. 


To mitigate this risk, the Department will make decisions to respect the 
envelope or absorb overruns internally. Options that could leverage 
current IT discussions elsewhere in the Department are also being 
explored. 


To mitigate this risk, the Department has engaged with internal 
security and ATIP teams, and has conducted an initial Privacy Needs 
Assessment. Time to conduct a Security Assessment and Authorization 
and Privacy Impact Assessments have been added to the schedule for 
the project. 


IRCC - Immigration and Citizenship Consultant Project 
EXECUTIVE Summary 


Wi Endorsement 


As part of the minister's mandate letter, the department is trying to develop a system to manage immigration Consultant investigations. 
- Collect additional information in existing systems (GCMS, eServices, IPRMS) in order to assist investigations 

- Provisioning a Link Analysis System to support the investigations once an RFP is completed 

- Leverage GCMS to track investigations of consultants 

- Leverage GCMS for Administrative Penalties management system for regulations that are not finalized till Spring 2021 at earliest 


Business 
* Aligns with request from minister's mandate letter 
* Replaces a low volume but Excel based process with a more integrated approach 


Information 
* Changes to existing system data collection to support investigation seem aligned with investigative needs and leverage existing data warehouse investments 
* They indicate that they are already PCI DSS compliant, so the additional Credit Card information shouldn't be an information storage issue 


Application 
* Link Analysis Software has not been selected and cannot be evaluated. This function would likely benefit from a machine learning solution 
* Proposed architecture reviewed by Chief Architect, but not DARB at this time 
* Further options analysis should be conducted for Administrative Penalties administration, because it is not a department specific function that may be better suited for a multi-departmental system on GCcase or another SaaS solution. This functionality is not anticipated to be needed till more than 12 months 


Technology 
* Solution is targeting a legacy on-premises data center 
* Leveraging the GCMS solution platform that was previously flagged by reports for reliability 


Security & Privacy 
* Current legacy datacenter does not align to ITSG zoning, but will be migrated to an End State Datacenter in Q3 20-21 


to existing systems to support the Investigations. 

Administrative Penalties System in late 2020, prior to implementation 

2. IRCC to come back to GC EARB with Link Analysis Software requirements before the RFP is launched, and give considerations for AI options 

3. IRCC to come back to GC EARB to present the roadmap for GCMS replacement going forward in fiscal 20-21 
GC Digital Standards 


GC Architectural Standards 


Additional Project Details 


Algorithmic Impact Assessment 


Exemption Request Form 
Required for GC EA Assessment 
NOT to be part of Presentation 


Required for GC EA Assessment 
NOT to be part of Presentation 


Required for GC EA Assessment 
NOT to be part of Presentation 


Complete as required: 
NOT to be part of Presentation 
Design with users 


Research with users to understand their needs and the 
problems we want to solve. 
Conduct ongoing testing with users to guide design 
and development. 


Iterate and improve frequently 


Develop services using agile, iterative and user- 
centered methods. 

Continuously improve in response to user needs. 
Try new things, start small and scale up. 


Work in the open by default 


Share evidence, research and decision making openly. 


Make all non-sensitive data, information, and new 
code developed in delivery of services open to the 
outside world for sharing and reuse under an open 
license. 


Use open standards and solutions 


Leverage open standards and embrace leading 
practices, including the use of open source software 
where appropriate. 


Design for services and platforms that are seamless for 
Canadians to use no matter what device or channel 
they are using. 


Address security and privacy risks 


Take a balanced approach to managing risk by 
implementing appropriate privacy and security 
measures. 

Make security measures frictionless so that they do 
not place a burden on users. 
Build in accessibility from the start 

* Services should meet or exceed accessibility 
standards. 

* Users with distinct needs should be engaged from 
the outset to ensure what is delivered will work for 
everyone. 


Empower staff to deliver better services 

* Make sure that staff have access to the tools, 
training and technologies they need. 

* Empower the team to make decisions throughout 
the design, build and operation of the service. 


Be good data stewards 

* Collect data from users only once and reuse 
wherever possible. 

* Ensure that data is collected and held in a secure 
way so that it can easily be reused by others to 
provide services. 


Design ethical services 

* Make sure that everyone receives fair treatment. 

* Comply with ethical guidelines in the design and use 
of systems which automate decision making (such 
as the use of artificial intelligence). 


Collaborate widely 

* Create multidisciplinary teams with the range of 
skills needed to deliver a common goal. 

* Share and collaborate in the open. Identify and 
create partnerships which help deliver value to 
1 - Align to the GC Business Capability model 


* Define program services as business capabilities to establish a common vocabulary between business, development, and operation 
  HOW will this be achieved? Publish a project glossary for all stakeholders. Requirements and project artifacts to be articulated in this established common language for widespread comprehension. 

* Identify capabilities that are common to the GC enterprise and can be shared and reused 
  HOW will this be achieved? Project aligned with the Strategic layer on the Policy & Legislative Framework Management; the Service layer on the Client Communication, Processing, and Compliance & Investigation Management; the Supporting layer on the Program Management, Change Management, Workload Management, and Risk & Internal Compliance Management. 

* Model business processes using Business Process Modelling Notation (BPMN) to identify common enterprise processes 
  HOW will this be achieved? Document current and future state business processes using BPMN and leverage existing department business processes, where applicable. Requirements elicitation will also be supported by user stories 
2 - Design for Users First and Deliver with Multidisciplinary Teams 


* Focus on the needs of users, using agile, iterative, and user-centred methods 
* Conform to both accessibility and official languages requirements 
* Include all skillsets required for delivery, including for requirements, design, development, and operations 
* Work across the entire application lifecycle, from development and testing to deployment and operations 
* Ensure quality is considered throughout the Software Development Lifecycle 
* Ensure accountability for privacy is clear 
* Encourage and adopt Test Driven Development (TDD) to improve the trust between Business and IT 


HOW will this be achieved? 


Consultations and user stories will steer detailed requirements to be user-centric in nature. 
Mock-ups and designs to be shared with clients early on to promote engagement and UX 
considerations. 


All applications are being developed as multi-lingual, English and French. 
Accessibility testing will be performed to meet at a minimum WCAG 2.0 AA. 
Use of WAI-ARIA tags to meet accessibility requirements. 


Operations and Policy working groups to solidify future-state business processes, detailed 
requirements and to identify operational impacts. 


Joint design and development sessions to identify design/technical limitations early on. 


Dedicated resources identified across stakeholders and technical teams to ensure 
consistency and momentum in the delivery of the project. 


Regular touch-points with end users and business owners in the form of UX considerations, 
User Acceptance Testing (UAT), deployment, and training. 
Align to organization’s Application Lifecycle Development process. 


Leverage organization’s Quality Management team and utilize automated testing where 
applicable. 


Application is being developed as a secure online application requiring GoC authentication. 
Terms and conditions of the application are reviewed with IRCC legal. 

PIA to be completed as part of the application development process and SA&A 
accreditation. 


Unit tests will be written as part of the development process. 
3 - Design Systems to be Measurable and Accountable 


* Publish performance expectations for each IT service 
  HOW will this be achieved? Project to publish service level agreement to define: 
  - Hours of operation to support 
  - Expectations for system uptime/availability based on service delivery hours of operation 
  - Communications products (i.e. Release Notes, Known Issues) 

* Make an audit trail available for all transactions to ensure accountability and non-repudiation 
  HOW will this be achieved? Audit functionality already included in corporate systems. Investigations and AP cases will store the user ID and audit details for the in-transit data captured and relay to the back end GCMS system. Audit details will be captured for users and relayed to an on premise data store. 

* Establish business and IT metrics to enable business outcomes 
  HOW will this be achieved? To define a framework in consultation with all stakeholders to measure successful implementation across user productivity, systems, deterrence/reduction in fraud activities, etc. 

* Apply oversight and lifecycle management to digital investments through governance 
  HOW will this be achieved? Establishing oversight committees on all digital investments with appropriate governance 
4 — Data Collection 


* Ensure data is collected in a manner that maximizes use and availability of data 
* Ensure data collected aligns to existing enterprise and international standards 
* Where enterprise or international standards don't exist, develop Standards in the open with key subject matter experts 
* Ensure collection of data yields high quality data as per data quality guidelines 
* Ensure data is collected through ethical practices supporting appropriate citizen and business-centric use 
* Data should only be purchased once and should align with international standards 
* Where necessary, ensure collaboration with department/agency data stewards/custodians, other levels of government, and indigenous people 


HOW will this be achieved? 


Data collected is extracted and loaded into the corporate EDW where it is open and 
available for business analytical purposes. 


Data stored will have applied the necessary encoding to support the data requirements. 


Data collected will be validated and stored as per business and operational reporting 
requirements. 


Application will be designed to only collect data necessary in order to facilitate robust 
investigations to disrupt consultant wrongdoing. 


We will follow departmental data management policies. 


5 — Data Management 


* Demonstrate alignment with enterprise and departmental data governance and strategies 
* Ensure accountability for data roles and responsibilities 
* Design to maximize data use and availability 


HOW will this be achieved? 


Data collected in support of this project will aim to limit duplication of data 
management processes. This proposed solution aims to leverage the existing and 
extensive biographic and application related data being collected for clients/reps and 
any Immigration, Citizenship, Refugee and Passport Applications. 


User Access is controlled through an enterprise process to ensure accountability. 


Only necessary data will be collected. Data will be stored in the eServices and GCMS 
case processing repository and extracted into the EDW for usability. 
6 — Data Storage 


* Ensure data is stored in a secure manner in accordance with the National Cyber Security Strategy, and the Privacy Act 
  HOW will this be achieved? Data will be stored in restricted zone and encrypted in transit and at rest in accordance to CSE encryption standards. 

* Follow existing retention and disposition schedules 
  HOW will this be achieved? All data captured will adhere to processes for disposing and archiving of data as per established Retention and Disposition schedules. 

* Ensure data is stored in a way to facilitate easy data discoverability, accessibility and interoperability 
  HOW will this be achieved? Data is available to be retrieved through ETL or APIs as per any MOU. 


7 — Data Sharing 


* Data should be shared openly by default as per the Directive on Open Government 

* Ensure government-held data can be combined with data from other sources enabling interoperability and interpretability through for internal and external use 
  HOW will this be achieved? Data collected from all applicable sources for the purpose of supporting these IRCC investigations will now be integrated with existing GCMS stored data, thereby increasing interoperability of internal investigation. However, due to the sensitivity of data supporting these investigations, it does not allow for external use. 

* Reduce the collection of redundant data 
  HOW will this be achieved? Data collected in support of this project will aim to limit duplication of data management processes. This proposed solution aims to leverage the existing and extensive biographic and application related data being collected for clients/reps and any Immigration, Citizenship, Refugee and Passport Applications. 

* Reuse existing data where possible 
  HOW will this be achieved? Same as above 

* Encourage data sharing and collaboration 
8 - Use open standards and solutions by default 


* Where possible, use open standards and open source software first. 
* If an open source option is not available or does not meet user needs, favour platform-agnostic COTS over proprietary COTS, avoiding technology dependency, allowing for substitutability and interoperability 
* If a custom-built application is the appropriate option, by default any source code written by the government must be released in an open format via Government of Canada websites and services designated by the Treasury Board of Canada Secretariat 
* All source code must be released under an appropriate open source software license 
* Expose public data to implement Open Data and Open Information initiatives 


HOW will this be achieved? 


If open source tools or software may be used to achieve the project's 
expected outcome, they will be evaluated and selected before pursuing 
proprietary products or services. 


If open source software is used we will abide by the respective open source 
license and government policies. 


If open source software is used we will abide by the respective open source 
license and government policies. 


No data captured as part of this project is known to be open outside of ATIP 
requested data. 


9 - Maximize Reuse 


* Leverage and reuse existing solutions, components, and processes 
* Select enterprise and cluster solutions over department-specific solutions 
* Achieve simplification by minimizing duplication of components and adhering to relevant standards 
* Inform the GC EARB about departmental investments and innovations 
* Share code publicly when appropriate, and when not, share within the Government of Canada 


HOW will this be achieved? 


Reusing integration processes/technology as well as the core case 
management system. 


Simplification will be achieved by reusing integration processes/technology 
as well as the core case management system. The department will adhere to 
relevant standards. 


Following the IRCC ARC process, any investments or innovations will be 
brought to the IRCC EA group. 
10 - Enable Interoperability HOW will this be achieved? 


* Expose all functionality as services 
* Use micro services built around business capabilities. Scope each service to a single purpose 
* Run each IT service in its own process and have it communicate with other IT services through a well-defined interface, such as an HTTPS-based application programming interface (API) as per Appendix D: Mandatory Procedures for Application Programming Interfaces 
* Run applications in containers 
* Leverage the GC Digital Exchange Platform for components such as the API Store, Messaging, and the GC Service Bus 
11 - Use Cloud first* HOW will this be achieved? 


* Enforce this order of preference: Software as a Service (SaaS) first, then Platform as a Service (PaaS), and lastly Infrastructure as a Service (IaaS) 
* Enforce this order of preference: Public cloud first, then Hybrid cloud, then Private cloud, and lastly non-cloud (on-premises) solutions 
* Design for cloud mobility and develop an exit strategy to avoid vendor lock-in 


12 - Design for Performance, Availability, and Scalability 


* Design for resiliency 
  HOW will this be achieved? GCMS is based on the Siebel platform that has built in resilient processing services on premise. 

* Ensure response times meet user needs for availability 
  HOW will this be achieved? Solution will meet any availability and limit to any scheduled downtime in accordance with any defined SLA. 

* Support zero-downtime deployments for planned and unplanned maintenance 

* Use distributed architectures, assume failure will happen, handle errors gracefully, and monitor actively 
  HOW will this be achieved? Monitoring and alerting services available through the GCMS IT operations and incident management teams will be leveraged. 


* NOTE As per CIO of Canada: All OpenText and SAP renewals will now be done through the new Cloud First policy, which states Software As A Service (SaaS). 
13 - Design for Security and Privacy 


* Implement security across all architectural layers 
  HOW will this be achieved? Appropriate ITSG zoning and other guidelines for encryption standards for data in transit and at rest to be applied once GCMS moves to the Enterprise Data Centre. ITSG-33 application security checklist will be completed and reviewed 

* Categorize data properly to determine appropriate safeguards 
  HOW will this be achieved? Appropriate data classification and security assessment being carried out by business and IT Security group. 

* Perform a privacy impact assessment (PIA) and mitigate all privacy risks when personal information is involved 
  HOW will this be achieved? PIA will be completed as per project schedule. 

* Balance user and business needs with proportionate security measures and adequate privacy protections. 
  HOW will this be achieved? Will review the assurance levels required for user authorization of any systems and will implement the appropriate cyber authentication services. 
PROTECTED B / PROTÉGÉ B 


Request Summary Information 


TBS Project/Activity ID (from IT PLAN): 27672 


Concept Case (ENDORSED?) YES [x] DATE: 2019-08-30 NO REASON: 


Ti l Planned Start Date: Planned End Date: 


One Time project cost: $19.00M 
On-going (annual) costs: $2.95M 
Funding Source A-Base [|j B-Base M Other: 
Current Gate*: Gate 3: Business Case and General Readiness 


On schedule? YES [x] NO [ ] 


Do you have a Departmental Architecture Review Board (ARB)? YES NO 


Who is the Chief 


Architect? IRCC - Omar Subhani Omar Subhani@icic occ. 


YES 


* TBS Gates: 
https://www.canada.ca/en/treasury-board-secretariat/services/information-technology-project-management/ 


What is the scope of work required by Shared Services Canada? 
To provide the requested server, storage and network infrastructure to operate proposed IRCC systems and subsystems. 

When/How has SSC been involved in this project? 
SSC will be engaged once timelines and project levels have been identified in ensuring that resources are designated to the project. 

What SSC Services are to be impacted or consumed? 
SSC will be engaged once timelines and project levels have been identified in ensuring that resources are designated to the project. 

What are the dependencies and assumptions? 
SSC can provide any necessary infrastructure within the timelines identified in the project. 


Presentation tile: Governance Committees: 


loanne Faucher 
GC Enterprise Architecture Review Board (EARB) 


March 2, 2020, 9:00 a.m. to 12:00 p.m. 
90 Elgin Street, 2nd Floor, Room 2068 


Marc Brouillard 
Luc Gagnon (SSC) 


Co-chairs, Marc Brouillard and Luc Gagnon, welcomed members. 
The Record of Discussion for the meeting of December 19, 2019 was endorsed. 


The co-chair provided the following update regarding new Deputy Minister committees for 
governance. The following new committees were announced: clerk committee on digitization; 
DM CEPP will now be a clerk committee chaired by Peter Wallace and Lorie MacDonald; 
there is a new committee on Core Services which will focus on enabling high priority digital 
initiatives; new committee called Governance in a Digital Age; and a new committee on 
Procurement. They should be up and running by mid-April 2020. 


Christian Figueredo (CBSA) 


The purpose of this presentation was to provide GC EARB an information update, following 
the endorsement of the cloud hosting solution for Protected B data for CARM in November of 
2018, in order to seek GC EARB's continuing endorsement. 


Feedback 

* Discussion centered on the mitigation of data migration risks. Presenters indicated that 
they are actively working on risk assessment and that the majority of their data will be 
migrated at release 2. They are leveraging point in time data to continuously monitor 
SA&A, and they are advising their upper management of the risks involved. An SA&A is 
being done for each release and protection controls are being considered at each phase. 
They don't have a tool to capture this information, currently they are using Excel. AWS 
certifications have been used and they indicated that SCED is not end to end, SCED 
connectivity has been defined as use case 5. Elizabeth Rhodenizer offered to share 
lessons learned from their legacy application migration. 

* Members discussed the importance of having a data exit strategy. The presenters 
indicated that this was part of their contractual agreement with Deloitte therefore this has 
been addressed. 

* Members inquired if there would be one client business number assigned and if CFIA was 
considered. CFIA is not within the scope of this CARM project. A customs licence broker 
number will be used which is separate to this CARM project. 
* Members raised questions regarding the use of APIs and whether this was part of CBSA’s 
long term strategy. With each phase CBSA is looking at implementing APIs where it 
makes sense. In six months they will have a better grasp of where APIs can be used. 

* It was noted that the single sign on being used is DCAM. 

* It was noted that end users are being engaged to perform UAT. 


Decision: Endorsed 


Action: ISED to come to GC EARB to talk about their strategy. 
Lead: Wendy Leasko 


Action: CBSA to connect with OCG (FMT) to discuss SAP transport layer for information 
sharing purposes. 
Lead: Christian Figueredo, CBSA 


Condition: CBSA to present SA&A with service provider access to OCIO for endorsement 
with conditions. 
Lead: Christian Figueredo, CBSA 


Natalie McGee (TBS) 


The purpose of the presentation was to introduce the government-wide framework, including 
data governance and stewardship, for TBS work on the development of principles, policies 
and guidance with respect to "prescribing enterprise-wide data standards" and to seek 
endorsement on the approach to use PROVINCE/TERRITORY as a pathfinder. 


Feedback 

* Members recommended that this be centralised through a single API. 

* Members indicated that the framework needs to be defined. 

* Members asked if there are conformance suites or just general API pieces. It was 
indicated that it's a framework on how to make it easier to use. 

* A comment was made that it needs to be clear that this is for government use, not for 
provinces or citizens having to use it. 

* It was indicated that the alpha code came from Canada Post 

* Asking to endorse this example as a pathfinder. 


Decision: Province code as pathfinder for data governance is endorsed 
Action: Return to GC EARB a work plan of engagement for different gov't tables and 
governance experts, and ID target at the end of that project. 


Lead: Natalie McGee, TBS 


Action: TBS to engage CDO council and PCO data leads to discuss scope and mandate. 
Lead: Natalie McGee, TBS 


Document released under the Access to Information Act 


UNCLASSIFIED / NON CLASSIFIÉ 


Natalie McGee (TBS) 
Scott Levac (TBS) 
Dan Cooper (TBS) 


The purpose of the presentation was to seek endorsement on new policy instruments: 
amendments to the Directive on Service and Digital; Appendix F - Standard on Information 
Technology User and Workspace Profiles; Appendix G - Standard on Information Technology 
Profile Entitlements. 


Feedback 

* It was stated that SSC is doing a gap analysis now and room is being left for a transition. 

* Departmental CIOs should respect the profiles, and any exceptions will need to bring 
them to GC EARB. 

* Members asked PSC how their experience was doing the personas. PSC indicated it 
went well for them and they were able to ID unique personas. 

* Members inquired if this is to be applied to special cases. It was indicated that all 
personas can go through a sub-selection. 


Decision: Endorsed 


James Heffernan (ESDC) 
Mathiew Leprohon (ESDC) 
Leila Ghobril (ESDC) 


The purpose of the ESDC presentation was to seek GC EARB endorsement for ESDC to 
onboard three (3) additional Tier 2 contact centres onto SSC’s Hosted Contact Centre 
solution (HCCS): National Identity Services; National Services; and Regional Enquiry Units. 


Feedback 

* Members inquired about the call volumes. EI is 17-18M/year auto fix; 4m agent; Pensions 
/ M/year, demand for agents is increasing, ECC: 500K/year, but reduced to 30% with new 
system, call times went from 4 minutes to 1 minute, NIDS is comparable to ECC, and is 
not at risk of overwhelming/overloading the existing system. 

* Members asked if the system is fully fault tolerant and resilient in the cloud. ESDC 
indicated yes, full redundancy. 

* Co-chairs indicated that endorsement of integration of 3 tier 2 into Tier 1 instance is given. 
SSC and/or ESDC must return to GC EARB if they are going to be separate Tier 1 
instance. 


Decision: Endorsed if ESDC uses the existing instance of this product, otherwise they 
must return to GC EARB to justify the need for separate instances 
The purpose of the presentation was to provide an update on the status of the SSC Contact 
Centre modernization plan and obtain endorsement of the near-term plan for: Remaining Tier 
1 Contact Centres; End of Life (EOL) / End of Support (EOS) Contact Centres; Contact 
Centres on expiring contracts and establishing a continuous evergreening approach. 


Feedback 

* A remark was made that retraining staff will be an important issue 

* Members inquired if SSC have the money to do this, or does the department pay for it. 
Some cases have been covered 

* Members commented that HCCS seems to be overkill for regional enquiries 

* Members indicated that better definition of the Tiers and how to assess them is required. 

* SSC indicated that timing has been the biggest issue, and that departments are focussing 
on the cloud. Members indicated that things shouldn't be rushed for the sake of timelines. 


Decision: SSC strategy NOT endorsed 

Action: SSC to expand the definitions of 3 tiers based on common set of requirements for 
each tier and return to GC EARB to re-present their strategy. 

Lead: Tom Socco, SSC 

Action: SSC, with CRA, to return to GC EARB to provide findings from two pilots, integrated 
strategy to define best solution by tier for government department. 

Lead: Tom Socco, SSC 

Decision: 3 tier 2 into HCCS for ESDC is endorsed (see 5a). 


Action: TBS to review TBS condition and funding authorities. 
Lead: Floyd Pushelberg (TBS) to follow-up 


Frances Archambault (SSC) 
Pierre Ferland (SSC) 


The purpose of the presentation was to provide an update on the SSC ITSM tool project. To 
seek GC EARB endorsement of the ITSM tool project next steps. To position the project for 
SSC’s Project Management Board Gate 3 approval (March 27, 2020) 


Feedback 

* It was stated that there are no named licensing or concurrent licences. Will be located at 
EDC The contract includes a “huge envelope of 
professional services”. There is currently no scheduled time for moving to the cloud. 

* Members inquired if there is any guidance for department that don't currently have an 
SAAS solution. TBS's position is that they will enforce all departments integrating to the 
same platform, and that any new investments must look at what SSC has done with ITSM 
tool project. 

* No Onboarding process has been built and SSC is still working on the prioritization. It was 
noted that everyone is onboarded to the licensing. 

* ESDC indicated that they could be used as a large partner test. 

* SSC indicated that they need feedback from departments on what other systems they will 
need to integrate with. 


Decision: Endorsed 
Enterprise Decisions: Departments looking to update their ITSM solution need to consider the
SSC ITSM tool as a viable option; if it is not selected, the department must then come to GC
EARB for endorsement.


Robert MacPhail (SSC) 


Due to time limitations, this item was deferred to the next meeting. 


The purpose of this presentation is to seek GC EARB endorsement to proceed with 
Information Technology (IT) enhancements in order to efficiently detect, analyze, track, and 
process administrative investigations of consultants or other representatives suspected of 
fraud or misrepresentation under the Immigration and Refugee Protection Act and Citizenship
Act. 


Feedback 
The following comments/questions were received in response to email sent via the 
secretariat, soliciting member approval. 


CCCS Feedback 


* The CCCS endorses the TBS OCIO recommendation that IRCC should proceed with
enhancements to existing systems to support the investigations while minimizing changes
to GCMS.

* CCCS also recommends that a 4th criterion be added to the list of conditions that the
recommendation is based on:

1. IRCC to come back to GC EARB with further options analysis for Administrative
Penalties System in late 2020, prior to finalizing design

2. IRCC to come back to GC EARB with Link Analysis Software requirements before
the RFP is launched, and give considerations for AI options

3. IRCC to come back to GC EARB and other relevant committees to present the
roadmap for GCMS replacement going forward in fiscal 20-21

4. IRCC consult with the CCCS in regards to the above 3 conditions, in order to
confirm that ITSG-33 is being applied appropriately to those activities.

* The recommendation for the 4th condition is based on CCCS' review of the attached
strategy. Specifically, the described approach for identifying appropriate Access
Management and Encryption solutions is not clear, and we believe this will be paramount
to the architecture design.

* One final observation: Slide 27 indicates that the Departmental EA and Architecture
Review Board has not sanctioned the preferred Solution Architecture option. IRCC may
wish to review that answer to either confirm it’s correct or provide any more detail.


Public Service Commission of Canada feedback 


* Endorsed with the conditions as listed on slide 15 in addition to the assumption that what
is listed as enhancements will not be costed out as listed on page 27 (one time project
costs $19.0M and ongoing $2.95M).

* It would be assumed that if presented in person, IRCC would be able to explain that the
cost for the enhancements as described would be a fraction of the costing presented on
slide 27.

* If PSCC's read of this is not aligned with IRCC's intent, then PSCC highly recommends
EARB discusses this project in-person rather than secretarially.


Decision: Endorsed 


Conditions: 

1. IRCC to come back to GC EARB with further options analysis for Administrative 
Penalties System in late 2020, prior to finalizing design 

2. IRCC to come back to GC EARB with Link Analysis Software requirements before the 
RFP is launched, and give considerations for AI options

3. IRCC to come back to GC EARB and other relevant committees to present the 
roadmap for GCMS replacement going forward in fiscal 20-21 

4. IRCC consult with the CCCS in regards to the above 3 conditions, in order to confirm
that ITSG-33 is being applied appropriately to those activities. 


Due to time limitations, this item was deferred to the next meeting. 


Due to time limitations, this item was deferred to the next meeting. 


Marc Brouillard (TBS) 
Luc Gagnon (SSC) 


The co-chairs thanked members for attending. 


The next meeting will be on March 17, 2020. 
Final Attendance


Department Last Name 


Canada School of Public 
Service Allison Christopher Presenter 
Canada Border Services Agency | Anawati Other 


Shared Services Canada Archambault Other 


Treasury Board of Canada 

"m 
secretariat Bashir Imraan Ex-Officio 
Treasury Board of Canada 


Department of National Defence | Blais-Parent Gilbert Observer 
Shared Services Canada Bourguignon Alternate 
Shared Services Canada Bouma Presenter 


Wore 
Secretariat Brouillard Marc Co-Chair Yes 
Public Services and 


Casey Member 
Library and Archives of Canada | Charbonneau Member 


bon 
Secretariat Cooper Dan Ex-Officio 
"mu 
Secretariat Delorme 


Global Affairs Canada Denis Observer 


Canada Border Services Agency | Doan Member 


Ferland Presenter 
Figueredo Presenter 
Fortin Observer 
Gagnon Co-Chair 


Treasury Board of Canada 
Secretariat Gibault Lynn Member 


Canada School of Public 
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mese [un (Mehde | Member No 
Establishment Mullen Michele Member No 
tog (tigen —— ——— 
Heritage Murray William Member No 


Privy Counci Offs [Nar | Sreejt | Member No  — 
Canada Revenue Agency Alternate 
Shared Services Canade 


Public Service and Procurement 
Treasury Board of Canada 


Public Service Commission Elizabeth 
[Shared Somos Gone [Rare — 


Infrastructure Canada — Canada Shields — | Joan | Member . 


Department of Employment and 
Social Development okinner Denis Observer 




Document released under the Access to Information Act / 
Document divulgué en vertu de la Loi sur l'accès à l'information 


UNCLASSIFIED / NON CLASSIFIÉ 


Department Last Name | FirstName | Role — JAttended 


Immigration, Refugees and 
Citizenship Canada Sovani E —-— Member 


-Snared Services Canada _ Services Canada 


| Statistics Canada — Canada St-Yves sid Yves {on | Member . 


National Research Council of 
Canada Wagner Paul Member 




Unclassified


Government of Canada 
Enterprise Architecture Review Board (GC EARB) 


Immigration, Refugees and Citizenship Canada (IRCC) - 


Immigration and Citizenship Consultants 


Follow-up to GC EARB on March 2nd, 2020 (Condition #1 for the
Administrative Penalties System)


Presenter(s):
(IRCC) Omar Subhani, Omar.Subhani@cic.gc.ca
[ ] Information [x] Follow-up [ ] Exemption [ ] Final Architecture
IRCC is returning to GC EARB following the initial presentation on March 2nd,
2020, in order to respond to condition one (1), namely to present further
options analysis for the Administrative Penalties (AP) system prior to
finalizing solution design.
Recap:


nium wit In ormation us y (IT) "eo son to » efficiently — 
analyze, track, and process administrative investigations of consultants or 
other representatives suspected of misrepresentations or non-compliance 
with the Immigration and Refugee Protection Act (IRPA) and Citizenship Act.


* Following IRCC's presentation, the Board granted a secretarial endorsement
with three conditions to be addressed by IRCC (condition #1 being the focus of
this presentation):


1) IRCC to come back to GC EARB with further options analysis for Administrative
Penalties system in late 2020, prior to finalizing design;


4) IRCC to consult with the CCCS in regards to the above conditions, in order to confirm
that ITSG-33 is being applied appropriately to those activities.
Background


IRCC is required to strengthen compliance and enforcement in regards to immigration and citizenship 
consultants, QUA | ccm | Mp 


incidents of fraud and wrongdoing have risen in recent years. Currently, IRCC receives approximately 
1000 investigation referrals annually and actively pursues approximately 200 investigations given the 
number of resources dedicated to them. These investigations can link to many applications, often 
thousands, for entry or status in Canada. As a result, IRCC's investigation unit is unable to keep up 
with the volumes to effectively detect, investigate, track, and manage cases. 


Enhancements to IT tools will support compliance efforts and allow officers across IRCC to make
informed decisions when assessing applications for status in Canada as well as assist in the disruption
of fraud networks by transforming the current manual, labor-intensive and unsystematic processes
used to manage investigations.


As the Department undertakes its Transformation agenda, new capabilities such as those described in
this project need to balance near term needs with the future. The proposed architecture:


* Leverages and reuses existing solutions within the Department;


* Prioritizes data integrity (applicants, immigration consultants and 3rd parties).
Actions Completed


Action Complete: Initial presentation to GC EARB in March


* IRCC held Solution Architecture Working Groups, which involved internal subject matter
experts who looked at different IT solutions in relation to business and technical
requirements.


* GCMS platform, which includes EDW (Cognos), was selected as the most practical
solution due to its investigative and analytical features, ability to re-use existing AP
functionality, and because leveraging existing solutions provides the least technical risk
to deliver AP in a timely manner.

Action Complete: IRCC's response to GC EARB condition #1

* IRCC held GC EARB Working Groups (GC EARB WG) and other ad hoc meetings in order
to complete further analysis of the most viable IT solutions for the AP system: GCMS,
GCcase, SaaS (Protected B), and Custom/Open Source on Public Cloud (PBMM).

* GC EARB WG reviewed the proposed solutions in relation to business and technical
requirements and considered pros and cons for each (outlined in subsequent slides).


Action Complete: ITSG-33 consultation


* IRCC held ITSG-33 consultation meeting involving Project Branch, IT Security, IT
Operations, EDW and CCCS-SA, and will continue further consultations as needed.


* IRCC confirmed that it is applying ITSG-33 through an internal process based on IT
Security Risk Management Framework and SA&A Directive.
ministrative


The AP solution will provide functionality for IRCC to issue administrative penalties to those 
who violate IRPA and the Citizenship Act when providing immigration or citizenship advice 
or representation to IRCC clients. 


High-level requirements:

* Ability to determine and record a penalty score and related information where
applicable;

* Ability to apply a penalty or consequence against the alleged offender(s);

* Ability to record a final penalty decision;

* Ability to record that, following administration of a penalty, a complaint was sent to a
regulator or professional body;

* Ability to record requests for review brought to the Governor in Council (GIC) Appointee
and related details;

* Ability to record incoming correspondence;

* Ability to record and attach relevant evidence and documents including large amounts
of GCMS data.
Original proposal in March 2020: Manage investigations and APs in GCMS


Leverages and reuses existing GCMS functionality
* AP for Temporary Foreign Worker Program (TFWP) implemented in GCMS
Data sets for immigration and citizenship applicants already in GCMS


Prioritizes data integrity (master record for applicants, 3rd parties, immigration
consultants)


Resource expertise in-house (IT-OPS)

DPM - Stabilizing and standardizing (Siebel)
Siebel UI, SOAP, REST hosted in application containers (Tomcat)
Zero downtime for deployments and configuration changes
Browser centric development tools
Target upgrade post EDC go-live
Limited impact on GCMS Technical debts


Does not align with TBS directive of Cloud first
* Migrating to the EDC


The EDC project has the highest priority in IRCC (Target Sept 2021)
Option 2: GCca


GoC standard for case management
* GCcase platform is MS Dynamics hosted by PSPC/SSC at the EDC (EDC data center)
* Plans underway to migrate to cloud (IaaS) to meet client demand in MS Azure cloud


GCcase is TBS supported
IRCC has implemented CORE, LCMS and PPERTS and IRB has deployed IRIS in GCcase
Avoid potential Technical Debt with GCMS


GCcase Marketplace available to reuse common assets


Lack of experience in-house (IT-OPS) with MS Dynamics dev
IRCC MS Dynamics team is 3 people
Still a learning process for the team

GCcase onboarding may impact timelines
* Implementing GCcase is a partnership with PSPC who have some say in timelines and
deliverables
* GCcase conducts impact assessment to review and estimate timelines

User experience
* Investigative analyst will need to access 2 different systems (GCMS and GCcase)


Movement of data between systems
* Client data will be moved back and forth between GCMS and GCcase
Option 3: Software as a Se


Implement AP via a Protected B SaaS COTS product 


MS Dynamics 365 Online, Salesforce, ServiceNow are all available as a Protected B SaaS 
(cloud-broker.canada.ca) 


Cloud first (SaaS) 
Limits potential Technical Debt with GCMS 


Costs may be higher 
* GCcase which is MS Dynamics is cheaper on the private cloud than the SaaS (MS 
Dynamics 365) 
Not cloud vendor agnostic 
No in-house dev expertise with the above vendors 
* Learning curve may impact dev timelines 
* Dependency on obtaining resources
Additional requirements for SaaS 
* Supply Chain Integrity and Cloud Service Provider Information Technology Security (ITS) 
Assessment 


Investigation + AP specific SaaS will require getting Protected B clearance 


Movement of data between systems 
* Client data will be moved back and forth between GCMS and Cloud 
Option 4: Custom/Open Source on Cloud Platform


Implement custom or open source case management solution in a Cloud PBMM (PaaS)


IRCC has deployed to the AWS PBMM (TR eApps pilot in prod)
Aligns with TBS Digital Directives
* Cloud first (PaaS), Cloud vendor agnostic


Limits potential Technical Debt with GCMS


Custom build will have the highest level of dev and longest timelines
* Build from scratch (table structures, UI, user functionality, multi-lang)
* Admin, user access, security available from cloud platform services


* Additional time and effort for Training manuals


* Complexity, time, effort may be reduced by implementing open source system


* Limited tech support, bug fixes with open source
Case Management (Collection of details, notes, activities)
GCMS: Clone existing entity based on existing TFWP AP functionality (with new search specs)
GCcase: Customize Incident object


Data
GCMS: GCMS is the master data of immigration consultants, applications, investigations
GCcase: New interfaces to GCMS to pull data into GCcase
* GCMS Integration work still required with any interface
* Technical debt will increase at the integration layer if implemented prior to Digital Platform Modernization (DPM)
Even with data migration, updates in master will need to be sent to GCcase


There is a low volume of cases so building a separate solution may not be a good investment


Correspondence Generation
GCMS: Utilize existing correspondence functionality, only add new templates
GCcase: New development (integration to Outlook, templates)
* Integration hooks to Outlook may already exist from GCcase Marketplace


Integration to GCDocs
GCMS: Existing
GCcase: New development to invoke GCDocs end points


Integration to EDW
GCMS: Updates to existing ETL
GCcase: New ETL from GCcase schema to EDW
ation and AP


APs are a sub-process of an Investigation 


* AP users will revisit investigative data during the process 


[Figure: investigation and AP process flow. Legible labels: Record correspondence; Record activities; Compile data; Review evidence; Create AP; Pursue AP; Send PFL; Receive response; Calculate based on Violation, Aggregation. Data panels: Investigation Data; AP Data.]


Usability disconnect even with Single Sign On (SSO) 


* AP users will have to toggle between apps 


A portlet interface could mitigate but the level of effort is high 
GCcase would be viable but would still require GCMS integration, hence leveraging
existing TFWP AP functionality will minimize changes in GCMS. 


An external solution would require movement of client data between the parent 
system (Investigations Management in GCMS) and another system (e.g., AP in GCcase) 
and then back into GCMS once the AP decision is rendered. 


There is a low volume of cases, hence building a separate solution may not be a good 
investment. 


Building a separate system for APs would increase the project costs and may have an 
impact on deployment timelines. 


As IRCC works on DPM to ensure access to the right digital tools and a digital platform 
that is nimble, modern and efficient, the external solution for AP would likely be throw 
away. 
The proposed changes to GCMS are dependent on the Siebel upgrade and the
modernization of the integration layer, part of the DPM Technical Debt Reduction
portfolio.


IRCC project team and EA team will monitor closely for anything that may impact GCMS
stability.


The Immigration and Citizenship Consultant initiative will align the project schedule to
TDR DPM changes dependent on the delivery of the project.


The project team will remain engaged with the DPM team to ensure any change in
direction or in timeline.
cture —


Inventory of system changes:


6. AP created in GCMS for the tracking of activities related to administrative penalties.


Issue Procedural Fairness Letter outlining penalties


Generate reports


Unclassified
Next Steps


* Obtain endorsement from GC EARB to i 
option #1. 


* Develop detailed requirements for AP and coordinate with IRCC IT Ops for the 
design, development and implementation. 


* Continue working with TBS and CCCS to ensure alignment with other GC 
initiatives and IT security risk management requirements. 
GC Enterprise Architecture Review Board (EARB)
Record of Discussion 

December 17, 2020, 9:00 a.m. to 10:30 a.m. 

Via Microsoft Teams 


Paul Wagner (TBS) 
Raj Thuppal (SSC) 


Co-chairs Paul Wagner, Treasury Board Secretariat (TBS) and Raj Thuppal, Shared Services Canada 
(SSC) welcomed members. 


The Record of Discussion (RoD) for the meetings of September 10, 2020, October 8, 2020 and 
December 3, 2020 were endorsed. Jody Lobb (TBS) requested more time to review the July 30, 2020 
RoD, therefore it will return to a future meeting for GC EARB member approval. 


Robert McLellan (STATS) 
Ian Bale (STATS)
Sarah MacKinnon (STATS) 


The purpose of this presentation was to seek GC EARB endorsement of the Analytics Diversification 
architecture at Statistics Canada. 


Feedback 
* No comments or concerns were raised.


Endorsement: Endorsed 


(CSE) 
(CSE) 
(CSE) 


The purpose of this presentation was to update GC EARB on the overall progress of the CSE 
NextGen HR and Pay pilot project and seek endorsement of the architecture. 


Feedback 
* offers within the solution, and Will
CSE until a solution is in place.


upon request by


* CSE is implementing in the interim architecture.

* CSE will collaborate and share their experiences with other departments, including NextGen HR
and Pay project.

* CSE will not run both systems in parallel for the duration of the pilot. A phased-in approach will be
taken with full migration intention by the end of the pilot.

* OCHRO positioned the endorsement of the CSE pilot proposal, based on the following conditions:
  * Procurement aligns to NextGen:
    * CSE has collaborated with PSPC on the procurement and issued
      NextGen contract, which resulted in being the vendor capable of meeting
      HSO security requirements.
  * Functional scope aligns to NextGen:
    * CSE is working with to build out a full data dictionary to collaborate with
      the NextGen HR and Pay initiative.
  * Project timelines/schedule consider timelines for GC NextGen and Pay
  * Project governance is established and will align to whatever transcending HR/Pay/Pension
    governance is put into place:
    * Internal project governance has been implemented. CSE is committed to providing
      updates as required to other GC boards/committees as required.
  * HSO’s form a cluster to collaborate on the development of the HSO instance in order to
    advance the GC agenda to reduce HR solutions:
    * HSO Community of Practice has been established to share information on various
      topics including our NextGen journey. Three meetings have taken place.
    * Regular meetings have been scheduled with CSIS, FINTRAC, RCMP and DND.


Endorsement: Endorsed (OCHRO conditions, as stated above, have been met) 


Greg Hills (SSC) 


The purpose of this presentation was to seek GC EARB endorsement on the target architecture of the 
GCSI Expansion Project and to provide information on the projected service offerings. 


Feedback 

* SSC is working with the Department of National Defence (DND) to review cloud options such as
the usage of a Cloud Service Provider (CSP). At this time Cloud isn't within scope of the GCSI
timeframes. Secret cloud options analysis will be part of the longer-term GCSI roadmap.

* The high-level plan is to implement secure remote access within 12-18 months following approval
of funding. The Cyber Centre will be engaged to when establishing the timeframe.


Endorsement: Endorsed pending successful resolution of Action noted below 


Action: SSC & TBS Enterprise Architecture (EA) team to ensure compliance 


Lead: Dan Cooper (TBS), Greg Hills (SSC) 


Greg Hills (SSC) 


The purpose of this presentation was to seek GC EARB endorsement of the target architecture of the 
Smart Phone for Classified (SPfC) Project
and provide information on the projected service offerings. The SPfC Project will deliver the GCSI
Mobile Phone Service Offering (MPSO) which will be an integrated component of the GCSI classified
portfolio.

Feedback
* No comments or concerns were raised.


Endorsement: Endorsed pending successful resolution of Action noted below 


Action: SSC & TBS Enterprise Architecture (EA) team to ensure compliance 


Lead: Dan Cooper (TBS), Greg Hills (SSC) 


The purpose of this document is to satisfy Condition #1 which resulted from IRCC’s presentation to 
GC EARB on March 2, 2020. 


Condition #1: 
IRCC to come back to GC EARB with further options analysis for Administrative Penalties (AP) system 
in late 2020, prior to finalizing design. 


IRCC's Response to Condition #1: 

* IRCC held GC EARB Working Groups (GC EARB WG) and other ad hoc meetings in order to
complete further analysis of the most viable IT solutions for the AP system: Global Case
Management System (GCMS), GCcase, Software as a Service (SaaS) (Protected B), and
Custom/Open Source on Public Cloud (PBMM).

* GC EARB WG reviewed the proposed solutions in relation to business and technical requirements
and considered pros and cons for each.


Feedback
* No comments or concerns were raised.


Endorsement: Endorsed 


The purpose of this document was to seek GC EARB endorsement for Exceptions to the Windows 10 
and Windows Server 2008 IT Policy Implementation Notices (ITPIN). 


Feedback 
* No comments or concerns were raised.


* DND exception numbers were not included in the original deck but were stated during the
presentation. 


Endorsement: Endorsed 
Paul Wagner (TBS)
Raj Thuppal (SSC) 


The co-chairs thanked members for attending the meeting. 


The next meeting will be on January 14, 2021. 
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Canada Revenue Agency Lalonde ^ [oelR. Observer Yes —— 
Canada Revenue Agency harma Sancit  lObserver Ves 
Canadian Heritage Muray Miliam — Member — Yes 


Communications Security Establishment 


Communications Security Establishment 


Communications Security Establishment __—([ as ar 
Employment and Social Development Canada Au Lily Hoi Shan 
Employment and Social Development Canada Bouj —  Rona ^ Observer Yes 
Employment and Social Development Canada  Brazeau 
Employment and Social Development Canada (Carnegie 


i e 
Brazeau — e 
E | e 
e 
e 
e 
e 
Employment and Social Development Canada Lasalle — Shelley Observer Mes | 
Employment and Social Development Canada |i (Chi (Jimmy)  lObserver Mes | 
Employment and Social Development Canada |ipske [Robert Observer Yes | 
Employment and Social Development Canada Newion ^ Steve jObserver 
Prevost 
Sommers 


Observer Yes 
Employment and Social Development Canada E ash aeu d 


Employment and Social Development Canada 
Employment and Social Development Canada 
Employment and Social Development Canada 
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Employment and Social Development Canada _[Tupitsyn Oleg — lObserver Yes ——— 
Finance Canada Moore Jan lobserver Ves 
Fisheries and Oceans Canada (Carter David Andrew — Observer Yes 
Fisheries and Oceans Canada Manu Nana 
Health Canada MacKinnon (Chad Observer Yes 
Immigration, Refugees and Citizenship Canada Riel — Shawn Observer Ves 
Infrastructure Canada Ben Hassen  [ounaidi Observer Yes 


es 

Development Canada Moft ms — — Dre Me 
Development Canada Moffat Chris Observer es 

Library and Archives of Canada [Bouvier Dominique 
Library and Archives of Canada — Iza Stephane Observer Yes —— — 
National Defence — Blais Parent Gilbert Replacement Yes — 
Natural Resources Canada [Reid Mason (Observer — Yes ——— 
Privy Council Office —  — Nar ^  greeit Member No 
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Public Services and Procurement Canada Komal Surinder Ex-Officio Yes 
Public Services and Procurement Canada —— Wood Walter Observer Yes 
Public Services and Procurement Canada (Coulombe Sylvain lObserver Yes 
Shared Services Canada ARC —  Tark  lObserver Yes ——— 

i 

i a 


Statistics Canada 
Statistics Canada 


Shared Services Canada 
Shared Services Canada Jean-Baptiste 
Statistics Canada 


Shared Services Canada McLaughlin 
Shared Services Canada Niktash 
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Treasury Board of Canada Secretariat — Uean-Noel — — Dominiqe ^ lObserver — Yes 


Kelome 
GC Enterprise Architecture Review Board (EARB)
Record of Discussion 

August 13, 2020, 9:00 a.m. to 10:00 a.m. 

Via MS Teams 


Paul Wagner (TBS) 
Raj Thuppal (SSC) 


Co-chairs Paul Wagner (TBS) and Raj Thuppal (SSC) welcomed members. 


Fred Begley (TBS) 
Francois Brunet (TBS) 


The purpose of this presentation was to provide GC EARB information on the business need for a Pay 
Rules Data Solution and how TBS would be leveraging different technology to meet the need. A 
demonstration of the solution was provided. 


Feedback 

* An inquiry was made with regards to where the databases and data lakes will be stored. It was
noted that there aren't any data lakes and that the databases are stored on the cloud on Azure
using the TBS tenant; all information stored on the cloud is unclassified.

* There was an inquiry on whether this data solution could be re-used in other areas. This
architecture can be re-used, it can help with unstructured data.

* A concern was raised with regards to cloud portability. It was noted that the models are coupled to
the vendor and cannot be moved. The Co-Chairs noted that vendor lock-in is something that this
committee needs to keep in mind moving forward.


Endorsement: Endorsed 


Scott Levac (TBS) 
Ari Rizvi (SSC) 


The purpose of this presentation was to seek GC EARB endorsement for a new escalation process for 
guardrail drift including remediation actions for accounts that have drifted outside of the guardrails; 
and to endorse an update to the GC Public Cloud Roles & Responsibilities Document. 


Feedback 

* It was suggested that a pilot be carried out to ensure the escalation process works well and that
there is a need to submit it to the Deputy Minister. The approach needs to be clarified regarding
when the Deputy Minister will be brought in. Adjusting the language to acknowledge when a
department begins to take corrective action would help clarify the process.

* A balance between the previous approach and this approach needs to be found. The previous
approach was too light and this approach is too heavy handed.




* Some departments are not seeing the compliance reports. It was indicated that the First Violation
notifications are sent to the account holder (designated users) for each account and that this list of
users can be shared.

* With respect to remediation, clarification was sought on whether only complete resolution is
acceptable or is a plan to resolve acceptable. It was noted that the severity of the violation will be
the indicator of action and what is required.

* It was suggested that departments should be able to run the audit tool on their own in order to be
more proactive, and the department can then catch the non-compliant items faster than once a
month.

* There was agreement that there is a need for this approach, and that the number of days (of
inaction, non-response, total disagreement) before going to Deputy should be extended from three
to seven days. It was noted that the non-compliance to guardrails need on be resolved within the
seven-day period, however the department must also commit to solving the issues within that
seven-day period.

* Non-compliance must be reported and discussed at the Chief Information Officer Council (CIOC).


Endorsement: Endorsed with modification of changing three days to seven days before escalating to 
the Deputy. 


Action: Change the three day to seven days before escalating to Deputy. 
Lead: Scott Levac, TBS 


Action: Non-compliance reports to be presented and discussed at CIOC. 
Lead: OCIO Committee Secretariat 


Paul Wagner (TBS) 
Raj Thuppal (SSC) 


Co-chairs Paul Wagner (TBS) and Raj Thuppal (SSC) thanked members for attending. 


The next meeting will be August 27, 2020. 
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TASK AUTHORIZATION 
Contractor: GC Strategies Contract Number: 24062-19-488 


Task Number: 008 Date: June 6, 2020 


Amendment Number pate 
ee — 


Background: 


The Open Government Portals directorate requires the services of an A.6 Programmer/Software Developer 
Open Source for operational support activities on both the Atip Online Request System (AORS) and Open 
Government Portal (OGP). 


The scope of this contract will be Azure infrastructure support for: 
• AORS Artificial Intelligence modules 
• OGP Data Quality System 
• OGP Service inventory 


Liaise with TBS employees to collect requirements. 

Identify any Azure resources that may be required. 

Develop stakeholder-approved architecture and backup routines in Azure cloud. 
Work with Azure provider to ensure availability and security of solutions. 

Work with TBS stakeholders to update system code when required. 

Provide regular status reporting to managers and senior management. 


Deliverables: 


• Cloud-hosted solution for AORS AI components 
• Cloud-hosted solution for OGP Data Quality system 
• Cloud-hosted solution for OGP Service inventory system 


Format of Deliverables: 


The Contractor may be required to provide deliverables in, but not limited to, the following 
formats: 

• Source code 

• Documentation in MS Word 


2. PERIOD OF SERVICES From: Date of Award To: March 31, 2021 
3. Work Location 90 Elgin Street 


4. Other Conditions/Restraints [ ] Yes [x] No Specify: 
6. Basis of Payment Limitation of Expenditure [x] Ceiling Price [ ] 
7. METHOD OF PAYMENT: 


Single [ ] Milestones 
8. LEVEL OF SECURITY CLEARANCE REQUIRED FOR THE CONTRACTOR'S PERSONNEL 


[x] Secret 
9. BILINGUALISM (if applicable) 
[ ] English and French [ ] French [x] English 


TA Proposal 
[For completion by Contractor] 




10. Estimated Cost Contract 
Category and Name of Proposed Resource: Open Source Developer (to be filled in by consulting firm) 
PWGSC Security File Number: 
Firm Per Diem Rate: 
Estimated # of Days: 
Total cost: 102,000.00$ 


Sub-total Professional Fees: 102,000.00$ 


HST: 13,260.00$ 


Total: 115,260.00$ 


TA Approval 


Signatures of Authorized Representatives 
Date 


June 6th, 2020 


11. Signing Authorities 


Name & Title of Individual Authorized to Sign 
on Behalf of Contractor: Kristian Firth, Partner 


Name & Title of Individual Authorized to Sign Pursuant to sub-section 32(1) of the Financial 
Administration Act: André Whittingham 


6/10/2020 


Name & Title of Contracting Authority: 


12. Invoicing 


Payment to be made based on receipt of detailed invoices for services rendered, subject to full acceptance 
by the Project Authority. Total of payments not to exceed the grand total. 


The supplier should invoice in ¼, ½, ¾ or whole day increments. For example 1.00, 1.25, 1.50 or 1.75 days. 


CC. 


Financial Coding: FC 200408, PAA A002, GL 4664, Fund B120 




Algorithmic Impact Assessment Results 


Name of Respondent 


W Herbert 
Job Title 


senior analyst 


Department 


Treasury Board Secretariat 
Branch 


CIOB 
Project Title 


ATIP Digital Services 


Project Phase 


Implementation 
| Points: 0 | 
Please provide a project description: 


Simple central website for Canadians to submit ATIP requests 


What is motivating your team to introduce automation into this decision-making process? 
(Check all that apply) 


Improve overall quality of decisions 
Use innovative approaches 
Please check which of the following capabilities apply to your system. 


Text and speech analysis: Analyzing large data sets to recognize, process, and tag text, speech, 
voice, and make recommendations based on the tagging 

Content generation: Analyzing large data sets to categorize, process, triage, personalize, and 
serve specific content for specific contexts 

Impact Level: 2 

Current Score: 32 

Raw Impact Score: 38 

Mitigation Score: 36 


Requirements Specific to Impact Level: 2 
Peer Review 


At least one of: 
• Qualified expert from a federal, provincial, territorial or municipal government institution 
• Qualified members of faculty of a post-secondary institution 
• Qualified researchers from a relevant non-governmental organization 
• Contracted third-party vendor with a related specialization 
• Publishing specifications of the Automated Decision System in a peer-reviewed journal 
• A data and automation advisory board specified by Treasury Board Secretariat 


Notice 


Plain language notice posted on the program or service website. 


Human-in-the-loop for decisions 


Decisions may be rendered without direct human involvement. 


Explanation Requirement 


In addition to any applicable legislative requirement, ensuring that a meaningful explanation is 
provided upon request for any decision that resulted in the denial of a benefit, a service, or other 
regulatory action. 


Testing 


Before going into production, develop the appropriate processes to ensure that training data is 
tested for unintended data biases and other factors that may unfairly impact the 
outcomes. Ensure that data being used by the Automated Decision System is routinely tested to 
ensure that it is still relevant, accurate, and up-to-date. 


Monitoring 


Monitor the outcomes of Automated Decision Systems on an ongoing basis to safeguard against 
unintentional outcomes and to ensure compliance with institutional and program legislation, as 
well as this Directive. 


Training 
Documentation on the design and functionality of the system. 


Contingency Planning 


None 


Approval for the system to operate 


None 

Link to the Directive on Automated Decision-Making Impact Level Requirements 
Mitigation Measures 

The following internal stakeholders have been consulted: 

The following external stakeholders have been consulted: 


A documented process is currently in place to test datasets against biases and other unexpected 
outcomes. 
A process has been developed to document how data quality issues have been resolved during 
the design process. 


A Gender Based Analysis Plus has been conducted on the data that will be used by the system. 


Accountabilities for the design, development, maintenance, and improvements for the system 
have been assigned. 


A process has been developed to manage any risks of having outdated or unreliable data that 
could be used in the system. 


The data used for the system has been posted on the Open Government portal. 
The system records all the recommendations or decisions made by the system. 
All key decision points are identifiable in the audit trail. 


A change log has been developed to detail all of the changes made to the model and to the 
system. 


The system's audit trail indicates all of the decision points made by the system. 


The system's audit trail can be used to help generate a notification of the decision (including a 
statement of reasons or other notifications) where required. 


The audit trail identifies which version of the system was used for each decision. 

The system is able to produce reasons for its decision or recommendations when required. 
There is a process in place to grant, monitor, and revoke access permission to the system. 
There is a mechanism to capture feedback by users of the systems. 

There is a recourse process in place for clients that wish to challenge the decision. 

The system enables human override of system decisions. 

There is a process in place to log instances when overrides were performed. 


The system's audit trail includes change control processes to record modifications to the 
system's operation or performance. 


A concept case has been prepared for the Government of Canada Enterprise Architecture Review 
Board. 


Questions and Answers 
Impact Questions and Answers 




Document released under the Access to Information Act 


Is the project within an area of intense public scrutiny (e.g. because of privacy concerns) and/or 
frequent litigation? 


Yes 
| Points: +3 | 
Are clients in this line of business particularly vulnerable? 


No 
| Points: +0 | 
Are stakes of the decisions very high? 


No 
| Points: +0 | 
Will this project have major impacts on staff, either in terms of their numbers or their roles? 


No 
| Points: +0 | 
Will you require new policy authority for this project? 


Yes 
| Points: +2 | 
The algorithm used will be a (trade) secret 


Yes 
| Points: +3 | 
The algorithmic process will be difficult to interpret or to explain 


Yes 
| Points: +3 | 
Will the system only be used to assist a decision-maker? 


Yes 
| Points: +1 | 
Will the system be replacing a decision that would otherwise be made by a human? 


Yes 
| Points: +3 | 
Will the system be replacing human decisions that require judgement or discretion? 


No 
| Points: +0 | 
Is the system used by a different part of the organization than the ones who developed it? 


Yes 
| Points: +4 | 
Are the impacts resulting from the decision reversible? 


Reversible 
| Points: +1 | 
How long will impacts from the decision last? 


Impacts are most likely to be brief 
| Points: +1 | 
Please describe why the impacts resulting from the decision are as per selected option above. 
a misdirected request would immediately be redirected to the appropriate GoC institution 


The impacts that the decision will have on the rights or freedoms of individuals will likely be: 


Little to no impact 
| Points: +1 | 
Please describe why the impacts resulting from the decision are (as per selected option above). 


does not prevent requester from exercising their right to information 


The impacts that the decision will have on the health and well-being of individuals will likely be: 


Little to no impact 
| Points: +1 | 
Please describe why the impacts resulting from the decision are (as per selected option above) 


n/a 


The impacts that the decision will have on the economic interests of individuals will likely be: 


Little to no impact 
| Points: +1 | 
Please describe why the impacts resulting from the decision are (as per selected option above) 


n/a 


The impacts that the decision will have on the ongoing sustainability of an environmental 
ecosystem, will likely be: 


Little to no impact 
| Points: +1 | 
Please describe why the impacts resulting from the decision are (as per selected option above) 


n/a 


Will the Automated Decision System use personal information as input data? 


No 
| Points: +0 | 
What is the highest security classification of the input data used by the system? (Select one) 


None 
| Points: +0 | 
Who controls the data? 


Federal government 
| Points: +1 | 
Will the system use data from multiple different sources? 


Yes 
| Points: +4 | 
Will the system require input data from an Internet- or telephony-connected device? (e.g. 
Internet of Things, sensor) 


No 
| Points: +0 | 
Will the system interface with other IT systems? 


Yes 
| Points: +4 | 
Who collected the data used for training the system? 


Your institution 
| Points: +1 | 
Who collected the input data used by the system? 


Your institution 

| Points: +1 | 

Will the system require the analysis of unstructured data to render a recommendation or a 
decision? 


Yes 
| Points: 0 | 
What types of unstructured data? (Check all that apply) 


Audio and text files 
| Points: +2 | 


Mitigation Questions and Answers 


Internal Stakeholders (Strategic policy and planning, Data Governance, Program Policy, etc.) 


Yes 
| Points: +1 | 
External Stakeholders (Civil Society, Academia, Industry, etc.) 


Yes 

| Points: +1 | 

Do you have documented processes in place to test datasets against biases and other 
unexpected outcomes? This could include experience in applying frameworks, methods, 
guidelines or other assessment tools. 


Yes 
| Points: +2 | 
Is this information publicly available? 


No 

| Points: +0 | 

Have you developed a process to document how data quality issues were resolved during the 
design process? 


Yes 
| Points: +1 | 
Is this information publicly available? 


No 
| Points: +0 | 
Have you undertaken a Gender Based Analysis Plus of the data? 


Yes 
| Points: +1 | 
Is this information publicly available? 


No 

| Points: +0 | 

Have you assigned accountability in your institution for the design, development, maintenance, 
and improvement of the system? 


Yes 

| Points: +2 | 

Do you have a documented process to manage the risk that outdated or unreliable data is used 
to make an automated decision? 


Yes 
| Points: +2 | 
Is this information publicly available? 


No 
| Points: +0 | 
Is the data used for this system posted on the Open Government Portal? 


Yes 
| Points: +2 | 
Does the audit trail identify the authority or delegated authority identified in legislation? 


No 

| Points: +0 | 

Does the system provide an audit trail that records all the recommendations or decisions made 
by the system? 


Yes 
| Points: +2 | 
Are all key decision points identifiable in audit trail? 


Yes 

| Points: +2 | 

Are all key decision points within the automated systems logic linked to the relevant legislation, 
policy or procedures? 


No 

| Points: +0 | 

Do you maintain a current and up to date log detailing all of the changes made to the model and 
the system? 


Yes 
| Points: +2 | 
Does the system's audit trail indicate all of the decision points made by the system? 


Yes 
| Points: +1 | 
Can the audit trail generated by the system be used to help generate a notification of the 
decision (including a statement of reasons or other notifications) where required? 


Yes 

| Points: +1 | 

Does the audit trail identify precisely which version of the system was used for each decision it 
supports? 


Yes 
| Points: +2 | 
Does the audit trail show who an authorized decision-maker is? 


No 
| Points: +0 | 
Is the system able to produce reasons for its decisions or recommendations when required? 


Yes 
| Points: +2 | 
Is there a process in place to grant, monitor, and revoke access permission to the system? 


Yes 
| Points: +1 | 
Is there a mechanism to capture feedback by users of the system? 


Yes 
| Points: +1 | 
Is there a recourse process established for clients that wish to challenge the decision? 


Yes 
| Points: +2 | 
Does the system enable human override of system decisions? 


Yes 
| Points: +2 | 
Is there a process in place to log the instances when overrides were performed? 


Yes 

| Points: +1 | 

Does the system's audit trail include change control processes to record modifications to the 
system's operation or performance? 


Yes 

| Points: +2 | 

Have you prepared a concept case to the Government of Canada Enterprise Architecture Review 
Board? 


Yes 
| Points: +1 | 
Have you completed a Privacy Impact Assessment or revised an existing one? 


Yes 

| Points: +1 | 

Does your system reflect Privacy by Design principles? 
Yes 
| Points: +1 | 
Algorithmic Impact Assessment Results 


Name of Respondent 

W Herbert 

Job Title 

senior analyst 

Department 

Treasury Board Secretariat 
Branch 

CIOB 

Project Title 

ATIP Digital Services 

Project Phase 

Implementation 
| Points: 0 | 
Please provide a project description: 

Simple central website for Canadians to submit ATIP requests 

What is motivating your team to introduce automation into this decision-making process? 
(Check all that apply.) 

Improve overall quality of decisions 
Use innovative approaches 
Please check which of the following capabilities apply to your system. 

Text and speech analysis: Analyzing large data sets to recognize, process, and tag text, speech, 
voice, and make recommendations based on the tagging. 
Content generation: Analyzing large data sets to categorize, process, triage, personalize, and 
serve specific content for specific contexts. 

Impact Level: 2 

Current Score: 32 

Raw Impact Score: 38 

Mitigation Score: 36 


Requirements Specific to Impact Level: 2 
Peer Review 

At least one of: 
• Qualified expert from a federal, provincial, territorial or municipal government institution. 
• Qualified members of faculty of a post-secondary institution. 
• Qualified researchers from a relevant non-governmental organization. 
• Contracted third-party vendor with a related specialization. 
• Publishing specifications of the Automated Decision System in a peer-reviewed journal. 
• A data advisory board specified by Treasury Board Secretariat. 

Notice 
Plain language notice posted through the program or service website. 

Human-in-the-loop for decisions 

Decisions may be rendered without direct human involvement. 

Explanation Requirement 

In addition to any applicable legislative requirement, ensure that a meaningful explanation is 
provided upon request for any decision that results in the denial of a benefit, a service, or other 
regulatory action. 

Testing 
Before going into production, develop the appropriate processes to ensure that training data is 
tested for unintended data biases and other factors that may unfairly impact the outcomes. 
Ensure that data being used by the Automated Decision System is routinely tested to ensure 
that it is still relevant, accurate, and up-to-date. 

Monitoring 
Monitor the outcomes of Automated Decision Systems to safeguard against unintentional 
outcomes and to ensure compliance with institutional and program legislation, as well as this 
Directive. 

Training 

Documentation on the design and functionality of the system. 

Contingency Planning 

None 

Approval for the system to operate 

None 


automatisée 


Mitigation Measures 

The following internal stakeholders have been consulted: 

The following external stakeholders have been consulted: 

A documented process is currently in place to test datasets against biases and other unexpected 
outcomes. 

A process has been developed to document how data quality issues have been resolved during 
the design process. 

A gender-based analysis has been conducted on the data that will be used by the system. 

Accountabilities for the design, development, maintenance, and improvements of the system 
have been assigned. 

A process has been developed to manage the risk that outdated or unreliable data could be 
used in the system. 

The data used for the system has been posted on the Open Government portal. 
The system records all the recommendations or decisions made by the system. 
All key decision points are identifiable in the audit trail. 

A change log has been developed to detail all of the changes made to the model and to the 
system. 

The system's audit trail indicates all of the decision points made by the system. 

The audit trail generated by the system can be used to generate notifications, including a 
statement of reasons. 

The audit trail identifies which version of the system was used for each decision. 

The system is able to produce reasons for its decision or recommendations when required. 

A process is in place to grant, monitor, and revoke access permission to the system. 
There is a mechanism to capture feedback from users of the systems. 

A recourse process is in place for clients that wish to challenge the decision. 

The system enables human override of system decisions. 

There is a process in place to log instances when overrides were performed. 

The system's audit trail includes change control processes to record modifications to the 
system's operation or performance. 

A concept case has been prepared for the Government of Canada Enterprise Architecture Review 
Board. 

A Privacy Impact Assessment has been completed or an existing PIA has been revised. 
The system was designed with Privacy by Design principles in mind. 


Questions and Answers 
Risk Questions and Answers 

Is the project subject to intense public scrutiny (e.g. because of privacy concerns) and/or 
frequent litigation? 

Yes 
| Points: +3 | 
Are clients in this line of business particularly vulnerable? 

No 
| Points: +0 | 
Are the stakes of the decisions of this program very high? 

No 
| Points: +0 | 
Will this project have major impacts on staff, either in terms of their numbers or their roles? 

No 
| Points: +0 | 
Will you require new policy authority for this project? 

Yes 
| Points: +2 | 
The algorithm used will be a (trade) secret 

Yes 
| Points: +3 | 
The algorithmic process will be difficult to interpret or to explain 

Yes 
| Points: +3 | 
Will the system automate or replace human decisions that require judgement or discretion? 

Yes 
| Points: +1 | 
Will the system automate or replace human decisions that require judgement or discretion? 

Yes 
| Points: +3 | 
Will the system automate or replace human decisions that require judgement or discretion? 

No 
| Points: +0 | 
Is the system used by a different part of the organization than the one to which its developers 
belong? 

Yes 
| Points: +4 | 
Are the impacts resulting from the decision reversible? 

Reversible 
| Points: +1 | 
How long will impacts from the decision last? 

Impacts are most likely to be brief 
| Points: +1 | 
Please describe why the impacts resulting from the decision are (as per selected option 
above). 

a misdirected request would immediately be redirected to the appropriate GC institution 

The impacts that the decision will have on the rights or freedoms of individuals will likely be: 

Little to no impact 
| Points: +1 | 
Please describe why the impacts resulting from the decision are (as per selected option 
above). 

does not prevent the requester from exercising their right to information 

The impacts that the decision will have on the health and well-being of individuals will likely be: 

Little to no impact 
| Points: +1 | 
Please describe why the impacts resulting from the decision are (as per selected option 
above). 

N/A 

The impacts that the decision will have on the economic interests of individuals will likely be: 

Little to no impact 
| Points: +1 | 
Please describe why the impacts resulting from the decision are (as per selected option 
above). 

N/A 

The impacts that the decision will have on the sustainability of an environmental ecosystem will 
likely be: 

Little to no impact 
| Points: +1 | 
Please describe why the impacts resulting from the decision are (as per selected option 
above). 

N/A 


Will the Automated Decision System use personal information as input data? 

No 
| Points: +0 | 
What is the highest security classification of the input data used by the system? (Select only 
one) 

None 
| Points: +0 | 
Who controls the data? 

Federal government 
| Points: +1 | 
Will the data used by the system come from multiple different sources? 

Yes 
| Points: +4 | 
Will the system require input data from an Internet- or telephony-connected device? (e.g. 
Internet of Things, sensor) 

No 
| Points: +0 | 
Will the system interface with other IT systems? 

Yes 
| Points: +4 | 
Who collected the data used to train the system? 

Your institution 
| Points: +1 | 
Who collected the input data used by the system? 

Your institution 
| Points: +1 | 
Will the system require the analysis of unstructured data to render a recommendation or a 
decision? 

Yes 
| Points: 0 | 
What types of unstructured data? (Check all that apply) 

Audio and text files 
| Points: +2 | 

Mitigation Questions and Answers 
Internal Stakeholders (strategic policy and planning, data governance, program policy, etc.) 

Yes 
| Points: +1 | 
External Stakeholders (civil society, academia, industry, etc.) 

Yes 
| Points: +1 | 
Do you have documented processes in place to test datasets against biases and other 
unexpected outcomes? For example, this could include experience in applying frameworks, 
methods, guidelines or assessment tools. 

Yes 
| Points: +2 | 
Is this information publicly available? 

No 
| Points: +0 | 
Have you developed a process to document how data quality issues will be resolved during the 
design process? 

Yes 
| Points: +1 | 
Is this information publicly available? 

No 
| Points: +0 | 
Have you undertaken a Gender Based Analysis Plus of the data? 

Yes 
| Points: +1 | 
Is this information publicly available? 

No 
| Points: +0 | 
In your institution, are there people accountable for the design, development, maintenance, 
and improvement of the system? 

Yes 
| Points: +2 | 
Do you have a documented process to manage the risk that outdated or unreliable data is used 
to make an automated decision? 

Yes 
| Points: +2 | 
Is this information publicly available? 

No 
| Points: +0 | 
Will the data used for this system be posted on the Open Government Portal? 

Yes 
| Points: +2 | 
Does the audit trail identify the authority or delegated authority identified in legislation? 

No 
| Points: +0 | 
Does the system provide an audit trail that records all the recommendations or decisions made 
by the system? 

Yes 
| Points: +2 | 
Are all key decision points identifiable in the audit trail? 

Yes 
| Points: +2 | 
Are all key decisions linked to relevant legislation, policy or procedure? 

No 
| Points: +0 | 
Do you have a log detailing all of the changes made to the model and the system? 

Yes 
| Points: +2 | 


Yes 
| Points: +1 | 
Can the audit trail generated by the system be used to help generate a notification of the 
decision (including a statement of reasons or other notification) where required? 

Yes 
| Points: +1 | 
Does the audit trail identify precisely which version of the system was used for each decision it 
supports? 

Yes 
| Points: +2 | 
Does the audit trail show who the authorized decision-maker is? 

No 
| Points: +0 | 
Is the system able to justify its decisions or recommendations when required? 

Yes 
| Points: +2 | 
Do you have a process in place to grant, monitor, and revoke access permission to the 
system? 

Yes 
| Points: +1 | 
Do you have a mechanism to capture feedback from users of the system? 

Yes 
| Points: +1 | 
Do you have a recourse process planned or established for clients that wish to challenge the 
decision? 

Yes 
| Points: +2 | 
Does the system enable a person to override system decisions? 

Yes 
| Points: +2 | 
Do you have a process in place to log the instances when overrides were performed? 

Yes 
| Points: +1 | 
Do you have processes in place to record modifications to the system's operation or 
performance? 

Yes 
| Points: +2 | 
Have you prepared a concept case for the Government of Canada Enterprise Architecture Review 
Board? 

Yes 
| Points: +1 | 
Have you undertaken a Privacy Impact Assessment or revised an existing one? 

Yes 
| Points: +1 | 
Does your system reflect the principles of 'Privacy by Design'? 

Yes 
| Points: +1 | 